From owner-freebsd-questions@FreeBSD.ORG Fri Nov 28 16:30:30 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93CAC16A4CE for ; Fri, 28 Nov 2003 16:30:30 -0800 (PST) Received: from kifco.net (host4.kifco.net [216.65.57.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB5F943FBF for ; Fri, 28 Nov 2003 16:30:29 -0800 (PST) (envelope-from Admin@kifco.net) Received: from kifco.net (deadline@localhost [127.0.0.1]) by kifco.net (8.12.8p1/8.12.8) with ESMTP id hASKaPQ4000329 for ; Fri, 28 Nov 2003 20:36:25 GMT (envelope-from Admin@kifco.net) From: "Marwan Sultan" To: "FreeBSD questions List" Date: Fri, 28 Nov 2003 23:36:25 +0300 Message-Id: <20031128202947.M29020@kifco.net> X-Mailer: Open WebMail X-OriginatingIP: 62.150.147.230 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: security issue. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Nov 2003 00:30:30 -0000 Hello Tech. For the past few days, i had troubles connecting to my KIFCO server Kifco.net And at night around ( 23:30 GMT ) and the following hours i cannot connect at all, it connect for 1 second then everything lags, I can see slow connections and lagged ones. After all when im able to connect to the machine, I checked the dmesg log I found the follow : Limiting closed port RST response from 268 to 200 packets per second Limiting closed port RST response from 302 to 200 packets per second Limiting closed port RST response from 296 to 200 packets per second Limiting closed port RST response from 213 to 200 packets per second Limiting closed port RST response from 272 to 200 packets per second Which consider a PORTSCAN and an ATTACK. Also as I know from my friend on IRC DALnet network that dragons.dal.net is hosted in maxim, and just in this second its disconnected. Maybe because of an IRC server you have this attack? I had two IRC servers on DALnet in Past, and im familier with this trouble. anyhow, IRC is not my part of concern or who owns it. Kifco is my concern. Can you disable all PINGS from router to my server? Please can you update me and check this issue? Your updating for me, is really appreciate it Thank you. -- Marwan Sultan Network Administrator