From owner-freebsd-security Thu Sep 27 6:24: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23]) by hub.freebsd.org (Postfix) with ESMTP id F0E5637B448 for ; Thu, 27 Sep 2001 06:23:59 -0700 (PDT) Received: from fazendinha (ressacada.melim.com.br [200.215.110.4]) by salseiros.melim.com.br (Postfix) with SMTP id 01A27BA5B for ; Thu, 27 Sep 2001 10:19:34 -0300 (BRT) Message-ID: <01eb01c14757$f699b580$2aa8a8c0@melim.com.br> From: "Ronan Lucio" To: Subject: flood attacks Date: Thu, 27 Sep 2001 10:26:06 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All, Some times Iīm having troubles with somebody attacking my network by RST flood I have two questions: 1. My FreeBSD-4.3 only show the message Limiting closed port RST response from 1800 to 200 packets per second. But, it donīt show the source IP of attack. I already looked at /var/log/messages, security and ipfw files and I saw nothing about this. Does anybody knows what option should I configure to FreeBSD show me such IP? 2. My computers are FreeBSD-4.3 and my router (Cisco) already has the option "no-ip-broadcast" seted. What more do I need to do to prevent such type of attacks? OBS: Monitorate it on saturday 4:00 a.m. is difficult. I need find out some way to automatize it. Thankīs to all, Ronan Lucio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message