Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Jun 2003 17:35:39 +0100
From:      Jez Hancock <jez.hancock@munk.nu>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Limiting closed port RST response
Message-ID:  <20030620163539.GA17705@users.munk.nu>
In-Reply-To: <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com>
References:  <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 20, 2003 at 09:55:19AM +0100, Matthew Ryan wrote:
> Could this be a DOS atttack?
It could be, but more likely it's someone trying to determine what ports
are open with a tool such as nmap.

> Where do I find a more detailed log?
Configure a firewall such as ipf and make sure you opt to log blocked
packets.

 
> I'm running FreeBSD 4.8 Release - the box is basically just a gateway 
> router running natd and dhcpd.
ipf and ipnat run nicely together to provide a combination of nat and
filtering - although if you already have nat running it's probably best
just to configure a basic ipf firewall that allows just the traffic you
want.  Have a look here for more info on ipf:

http://munk.nu/ipf/

My old rulesets for ipf are here:

http://munk.nu/ipf/mboxen/

Regards,
Jez



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030620163539.GA17705>