Date: Fri, 20 Jun 2003 17:35:39 +0100
From: Jez Hancock <jez.hancock@munk.nu>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Limiting closed port RST response
Message-ID: <20030620163539.GA17705@users.munk.nu>
In-Reply-To: <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com>
References: <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com>

On Fri, Jun 20, 2003 at 09:55:19AM +0100, Matthew Ryan wrote:
> Could this be a DOS attack?

It could be, but more likely it's someone trying to determine what ports are open with a tool such as nmap.

> Where do I find a more detailed log?

Configure a firewall such as ipf and make sure you opt to log blocked packets.

> I'm running FreeBSD 4.8 Release - the box is basically just a gateway
> router running natd and dhcpd.

ipf and ipnat run nicely together to provide a combination of nat and filtering - although if you already have nat running it's probably best just to configure a basic ipf firewall that allows just the traffic you want.

Have a look here for more info on ipf:

http://munk.nu/ipf/

My old rulesets for ipf are here:

http://munk.nu/ipf/mboxen/

Regards,
Jez
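
Added example, not part of the original message: once ipf is logging blocked packets, a per-source summary of the log helps answer the scan-versus-DoS question raised above. The sample lines are constructed to follow the layout ipmon writes to syslog (an assumption to check against your own log), and the host name, interface, rule number, addresses and thresholds are all made up for illustration.

```python
import re
from collections import defaultdict

# Blocked-TCP entry as ipmon logs it: "... b SRC,SPORT -> DST,DPORT PR tcp ..."
BLOCKED = re.compile(
    r"\sb\s(?P<src>[\d.]+),(?P<sport>\d+)\s->\s(?P<dst>[\d.]+),(?P<dport>\d+)\sPR\stcp\s"
)

def summarize(lines):
    """Per source address: packets blocked and distinct destination ports probed."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        m = BLOCKED.search(line)
        if m:
            entry = stats[m["src"]]
            entry["packets"] += 1
            entry["ports"].add(int(m["dport"]))
    return stats

def classify(stats, scan_ports=5, flood_packets=20):
    """Thresholds are illustrative assumptions; tune them to the site."""
    verdicts = {}
    for src, s in stats.items():
        if len(s["ports"]) >= scan_ports:
            verdicts[src] = "port scan"        # few packets each, many ports
        elif s["packets"] >= flood_packets:
            verdicts[src] = "possible flood"   # many packets, few ports
        else:
            verdicts[src] = "background noise"
    return verdicts

def _line(sec, src, sport, dport):
    # Constructed sample entry; "gw", "fxp0" and rule "@0:4" are made up.
    return (f"Jun 20 09:41:{sec:02d} gw ipmon[212]: 09:41:{sec:02d}.000000 fxp0 @0:4 b "
            f"{src},{sport} -> 198.51.100.10,{dport} PR tcp len 20 44 -S IN")

# Constructed log: one source walking ports, one hammering port 80, one stray packet.
SAMPLE = (
    [_line(i, "192.0.2.77", 40000 + i, p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 443])]
    + [_line(10 + i % 40, "203.0.113.5", 50000 + i, 80) for i in range(30)]
    + [_line(55, "192.0.2.200", 33000, 139)]
)

if __name__ == "__main__":
    for src, verdict in classify(summarize(SAMPLE)).items():
        print(src, verdict)
```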