From owner-freebsd-security Thu Sep 27 9:39:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23]) by hub.freebsd.org (Postfix) with ESMTP id BE8F137B61C for ; Thu, 27 Sep 2001 09:39:51 -0700 (PDT) Received: from fazendinha (ressacada.melim.com.br [200.215.110.4]) by salseiros.melim.com.br (Postfix) with SMTP id 4BC98BA17; Thu, 27 Sep 2001 13:35:24 -0300 (BRT) Message-ID: <037601c14773$52a23da0$2aa8a8c0@melim.com.br> From: "Ronan Lucio" To: "Dave" Cc: References: Subject: Re: flood attacks Date: Thu, 27 Sep 2001 13:41:57 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Dave, But, in my case, I looked at mrtg graphics and saw that it had big flow during 1 hour. So, I supposed to prevent such situation. [ ]īs Ronan Lucio > > Limiting closed port RST response from 1800 to 200 packets per second. > > Awhile back, I managed to reproduce this by portscanning myself with a > very fast scanner which doesn't wait for any kind of response from the > server before testing the next port. The 1800 to 200 message thing sounds > quite general, so you could be getting flooded with lots of different > kinds of data. If the messages come in briefly and then stop for awhile > (rather than a continus flow) you could just be getting a fast port scan. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message