Date: Tue, 29 May 2001 10:46:01 +0200 From: "Chojin" <chojin@nerim.net> To: <freebsd-security@FreeBSD.ORG> Subject: Re: Kernel message Message-ID: <007201c0e81b$ca9b24a0$0245a8c0@chojin> References: <GLECJJEOFFBMALIKCDHIEEKGCAAA.glassfish@glassfish.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Could you give me a good portsentry configuration and a good KILLROUTE line
(I use ipf) to block port scanning and other) ?
Thanks
----- Original Message -----
From: "Michael Tang Helmeste" <glassfish@frogbox.dyndns.org>
To: <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, May 29, 2001 1:46 AM
Subject: RE: Kernel message
> If you get this a lot and it annoys you, I'd recommend something like
> portsentry (I used to get portscanned a lot and I installed this).
> You can get it here: www.psionic.com/abacus
> It can block them via tcpwrappers, or even add a route for them using
> 'route' to make it so that they can't contact you anymore (by specifying
the
> route to their IP as through a dummy IP on your network). It also logs it
in
> syslog, and you can use the log reporting tool on the same page above, to
> monitor for those types of things
> I found it very useful. :)
>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Pentchev
> Sent: Monday, May 28, 2001 7:37 PM
> To: Retal
> Cc: freebsd-security@freebsd.org
> Subject: Re: Kernel message
>
>
> On Tue, May 29, 2001 at 02:02:03AM +0200, Retal wrote:
> > I got this message while i was changing icmpbandlim from 200 to 30:
> > May 29 01:42:14 freebsd /kernel: Limiting closed port RST response from
78
> to 30
> > packets per second
> >
> > i got this message like 10000 times..
> > What is that means..
>
> Somebody was portscanning you - running a simple program that connects
> to every port from 1 to, say, 32768, on your machine, to see which ports
> are 'open' - what services (daemons, servers) you are running on your
> machine. The kernel had to sent a lot of 'connection refused' ('closed'
> port, not open) messages, and it had a max value of 30 of those per
second.
> It is informing you that in one given second, it was supposed to send out
> 78 of those, but it only sent 30.
>
> So.. somebody was portscanning you. If you are running any programs
> that have known security issues, you had better stop them. Look at
> the output of sockstat -4 to see which ports you have open (if your
> FreeBSD is 4.3 or later, you can use sockstat -4l to see listening
> sockets only), then look at the FreeBSD website to find a list of
> security advisories to see if any of the programs you are running
> are vulnerable in the versions on your machine.
>
> G'luck,
> Peter
>
> --
> I am the meaning of this sentence.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007201c0e81b$ca9b24a0$0245a8c0>