Date: Sat, 29 Nov 2003 00:34:23 +0300
From: "Marwan Sultan" <Admin@kifco.net>
To: Dragoncrest <dragoncrest@voyager.net>, "FreeBSD questions List" <freebsd-questions@freebsd.org>
Subject: Re: security issue.
Message-ID: <20031128212848.M49932@kifco.net>
In-Reply-To: <5.2.0.9.2.20031128200802.0210dc40@pop.voyager.net>
References: <20031128202947.M29020@kifco.net> <5.2.0.9.2.20031128200802.0210dc40@pop.voyager.net>

Hey all,

Sorry, this email has been sent to the FreeBSD list by mistake; it was supposed to go to the ISP :)
Anyhow, thanks Dragoncrest for the hint and details, it was useful.
The ISP now has a BCC of this email.

Marwan

On Fri, 28 Nov 2003 20:11:23 -0500, Dragoncrest wrote
> It may be best to do two things. 1st would be to disable
> pings to and from the server at the router by putting in an ACL on
> the router. The second thing you'll want to do is block access to
> that machine via the router from any suspect IPs or IP blocks that
> you suspect might be attacking your machine. They already know it's
> there, so they're going to begin or continue to try to attack it now,
> so you'll want to block them from being able to access it now. Once
> you've done that, keep an eye on your machine for a while for any
> other possible attacks. Once they stop and nothing shows up for
> about 2 weeks it should be safe to remove the ACLs from the router,
> but continue to monitor it for a while longer just to be sure and
> add them back if necessary.
>
> At 11:36 PM 11/28/03 +0300, Marwan Sultan wrote:
> >Hello Tech.
> >
> > For the past few days, I had trouble connecting to my KIFCO server
> > Kifco.net
> > And at night around ( 23:30 GMT ) and the following hours I cannot
> > connect at all; it connects for 1 second, then everything lags.
> > I can see slow connections and lagged ones.
> >
> > After all, when I'm able to connect to the machine, I checked the dmesg log.
> > I found the following:
> >
> >Limiting closed port RST response from 268 to 200 packets per second
> >Limiting closed port RST response from 302 to 200 packets per second
> >Limiting closed port RST response from 296 to 200 packets per second
> >Limiting closed port RST response from 213 to 200 packets per second
> >Limiting closed port RST response from 272 to 200 packets per second
> >
> > Which is considered a PORTSCAN and an ATTACK.
> >
> > Also, as I know from my friend on the IRC DALnet network, dragons.dal.net
> > is hosted in maxim, and just in this second it's disconnected.
> > Maybe because of an IRC server you have this attack?
> > I had two IRC servers on DALnet in the past, and I'm familiar with this trouble.
> > Anyhow, IRC is not my concern, or who owns it.
> > Kifco is my concern.
> > Can you disable all PINGS from the router to my server?
> > Please can you update me and check this issue?
> >
> > Your updating me is really appreciated.
> >
> > Thank you.
> >
> >--
> >Marwan Sultan
> >Network Administrator
> >
> >_______________________________________________
> >freebsd-questions@freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
Marwan Sultan
Network Administrator
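
An added example, not part of the original thread: FreeBSD logs the "Limiting closed port RST response" line for each second in which more RSTs were due for closed ports than the net.inet.icmp.icmplim limit allows (200 by default), so grouping those lines by hour shows when the bursts happen and how far over the limit they run, which helps when choosing what to block at the router. The timestamps, hostname, the unrelated sshd line and the three-events-per-hour threshold are assumptions made for the example; the packet counts are the ones quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample in syslog format: timestamps and hostname are invented,
# the packet counts are the ones quoted in the message above.
SAMPLE_LOG = """\
Nov 28 21:05:10 host /kernel: Limiting closed port RST response from 213 to 200 packets per second
Nov 28 23:31:02 host /kernel: Limiting closed port RST response from 268 to 200 packets per second
Nov 28 23:31:03 host /kernel: Limiting closed port RST response from 302 to 200 packets per second
Nov 28 23:31:04 host /kernel: Limiting closed port RST response from 296 to 200 packets per second
Nov 28 23:47:40 host /kernel: Limiting closed port RST response from 272 to 200 packets per second
Nov 28 23:50:00 host sshd[411]: unrelated line
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+/?kernel:\s+"
    r"Limiting closed port RST response from (?P<seen>\d+) to (?P<limit>\d+) packets per second"
)

def summarize(log_text):
    """Group rate-limit events by (month, day, hour)."""
    buckets = defaultdict(lambda: {"events": 0, "peak": 0, "suppressed": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a rate-limit message
        seen, limit = int(m["seen"]), int(m["limit"])
        b = buckets[(m["mon"], int(m["day"]), int(m["hour"]))]
        b["events"] += 1                    # one event = one rate-limited second
        b["peak"] = max(b["peak"], seen)    # highest per-second count in this hour
        b["suppressed"] += seen - limit     # RSTs the kernel did not send
    return dict(buckets)

def busy_hours(summary, min_events=3):
    """Hours with at least min_events limited seconds (threshold is an assumption)."""
    return sorted(k for k, v in summary.items() if v["events"] >= min_events)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key in sorted(summary):
        print(key, summary[key])
    print("busy hours:", busy_hours(summary))
```

The message gives no source address, so this only narrows down the time window; the addresses to block have to come from packet captures or firewall logs taken during those hours.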