From owner-freebsd-questions@freebsd.org Sun Oct 1 18:07:22 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A5475E2AF78 for ; Sun, 1 Oct 2017 18:07:22 +0000 (UTC) (envelope-from guru@unixarea.de) Received: from ms-10.1blu.de (ms-10.1blu.de [178.254.4.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 65D8F697C2 for ; Sun, 1 Oct 2017 18:07:21 +0000 (UTC) (envelope-from guru@unixarea.de) Received: from [2.247.255.240] (helo=localhost.unixarea.de) by ms-10.1blu.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.86_2) (envelope-from ) id 1dyie6-0000Ra-8N for freebsd-questions@freebsd.org; Sun, 01 Oct 2017 20:07:18 +0200 Received: from localhost.my.domain (localhost [127.0.0.1]) by localhost.unixarea.de (8.15.2/8.14.9) with ESMTPS id v91I7EWH002319 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 1 Oct 2017 20:07:14 +0200 (CEST) (envelope-from guru@unixarea.de) Received: (from guru@localhost) by localhost.my.domain (8.15.2/8.14.9/Submit) id v91I7EXi002318 for freebsd-questions@freebsd.org; Sun, 1 Oct 2017 20:07:14 +0200 (CEST) (envelope-from guru@unixarea.de) X-Authentication-Warning: localhost.my.domain: guru set sender to guru@unixarea.de using -f Date: Sun, 1 Oct 2017 20:07:09 +0200 From: Matthias Apitz To: freebsd-questions@freebsd.org Subject: Re: help - under attack Message-ID: <20171001180709.GA2236@c720-r314251> Reply-To: Matthias Apitz Mail-Followup-To: Matthias Apitz , freebsd-questions@freebsd.org References: <59D10736.2070504@gmail.com> <20171001152637.GA60730@c720-r314251> <59D10B0C.1010702@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z" Content-Disposition: inline In-Reply-To: <59D10B0C.1010702@gmail.com> X-Operating-System: FreeBSD 12.0-CURRENT r314251 (amd64) X-message-flag: Mails containing HTML will not be read! Please send only plain text. User-Agent: Mutt/1.8.0 (2017-02-23) X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 2.247.255.240 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Oct 2017 18:07:22 -0000 --Nq2Wo0NMKNjxTN9z Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable El d=C3=ADa domingo, octubre 01, 2017 a las 11:34:36a. m. -0400, Ernie Luza= r escribi=C3=B3: > Matthias Apitz wrote: > > El d=C3=ADa domingo, octubre 01, 2017 a las 11:18:14a. m. -0400, Ernie = Luzar escribi=C3=B3: > >=20 > >=20 > > If you have a firewall (about which you have not said anything), how can > > SYN-SYN-ACK happen on port 22? > >=20 > > matthias >=20 > My post says "My firewall blocks all inbound traffic". The login error=20 The term 'inbound' is not very clear. My firewall on my FreeeBSD box (ipf) blocks traffic incoming for certain ports, it seems that you mean that you block incoming traffic for a complete network and the firewall does not run on the FreeBSD box in question. > messages do not say it on port 22. That inbound port is blocked by the=20 > firewall. All pc on the lan are powered off. Even disconnected the lan=20 > cable from the freebsd gateway host and still the error messages come=20 > out. That is why I am asking for help here. A I (and others) said: use TCPDUMP to see the details of the connects. matthias --=20 Matthias Apitz, =E2=9C=89 guru@unixarea.de, =E2=8C=82 http://www.unixarea.d= e/ =E2=98=8E +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub 8. Mai 1945: Wer nicht feiert hat den Krieg verloren. 8 de mayo de 1945: Quien no festeja perdi=C3=B3 la Guerra. May 8, 1945: Who does not celebrate lost the War. --Nq2Wo0NMKNjxTN9z Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXmn7rBYYViyzy/vBR8z35Hb+nREFAlnRLsYACgkQR8z35Hb+ nRHSNRAAjZRSc75qNpPzHMneByFb0eDgypt0jhpsuXEt36p468/C6M4IrfbsJ0gY auCvSiDrLO6ajlKfWPDpBjN2ypM2Xvi0f3O+U+ooGwwHH1mvaaJ39YqAhtriKuUm z6P1ug7z2amNZG+kdPgR4QL8O39MGsfUQHDTtHGqR8XssgTDuk+dw3ImvdC4o5s7 eOblEvoBLS8QH5I2AyL8s7u1PT3k4c6xmMWvt+i2KxveiA7DliqphUgGTdZ1Olus jRf+CSWSRLwNKWlL4Ho9Zt00RMDjhXPbQeMIJk9duCOih1T2mnjuTlo+nMGZly8n 7FG3fqd5hmlp23DSdM22oWqp+kjPIg+kg4u4xLHnkV0ks8pKEN5JPTvhc2j0jCkE OUrHiOyLS9ajt4rOypLnQQcqOsq/HgTR6oP7Zj1/wCTrR0JibO7nySsS4wKdUXFV 6mpPB+VGnyyWx/NkwzuUG2iiPXGzV7O30PLjZGOdTtwRQCvbexyp5PK7TMdAW2bP 1nx8doAiPHivz0aBxGfMWKME+fISuQXs6T69TwYeNPj2DiZBMeKsjzTNA9T7vDnr xmux00/6BJ4kq/lQ/PnXdIvlguJa4sYAxKVurDcahVfVAz0Wpm/6dLQ1FKtt+zam WnS87LbRa0/sv3XWKqPhZbwVuY+NDsMHf1zBRK42yHD029QDJho= =7Mo7 -----END PGP SIGNATURE----- --Nq2Wo0NMKNjxTN9z--