From owner-freebsd-security Fri Dec 28 13: 8:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from niwun.pair.com (niwun.pair.com [209.68.2.70]) by hub.freebsd.org (Postfix) with SMTP id A70C037B41A for ; Fri, 28 Dec 2001 13:08:05 -0800 (PST) Received: (qmail 94912 invoked by uid 3193); 28 Dec 2001 21:08:04 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 28 Dec 2001 21:08:04 -0000 Date: Fri, 28 Dec 2001 16:08:03 -0500 (EST) From: Mike Silbersack X-Sender: To: Mit Rowe Cc: "security@FreeBSD. ORG" Subject: Re: denial of service attack In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 28 Dec 2001, Mit Rowe wrote: > If i read this correctly, i'm under a denial of service attack. > > A few questions... > > 1) am i correct > 2) if so, how can i trace where it is coming from? > 3) how can i compensate? > > Dec 28 15:39:50 tenchi /kernel: Limiting icmp unreach response > from 323 to 200 packets per second You're just being nmap'd, nothing serious. If you want to track the scan, install an IDS like nessus or something. Before you do that, though, I suggest that you upgrade to 4.4-stable; the vulnerabilities in whatever ancient version of freebsd you're running shoud worry you more than the portscan. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message