From owner-freebsd-security Fri Dec 28 13:10:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from tenchi.dreamlabs.com (tenchi.dreamlabs.com [216.220.37.61]) by hub.freebsd.org (Postfix) with ESMTP id 3012937B420 for ; Fri, 28 Dec 2001 13:10:18 -0800 (PST) Received: (from root@localhost) by tenchi.dreamlabs.com (8.11.6/8.11.6) id fBSLAHk94709; Fri, 28 Dec 2001 16:10:17 -0500 (EST) (envelope-from mitayai@dreamlabs.com) Received: from cr411661a (CPE0010a4b02b1b.cpe.net.cable.rogers.com [24.43.34.41]) (authenticated) by tenchi.dreamlabs.com (8.11.6/8.11.6) with ESMTP id fBSLAFV94699; Fri, 28 Dec 2001 16:10:15 -0500 (EST) (envelope-from mitayai@dreamlabs.com) Reply-To: From: "Mit Rowe" To: "Mike Silbersack" Cc: "security@FreeBSD. ORG" Subject: RE: denial of service attack Date: Fri, 28 Dec 2001 16:09:40 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ancient? ;-) i'm running the latest stable. > -----Original Message----- > From: Mike Silbersack [mailto:silby@silby.com] > Sent: December 28, 2001 16:08 > To: Mit Rowe > Cc: security@FreeBSD. ORG > Subject: Re: denial of service attack > > > > On Fri, 28 Dec 2001, Mit Rowe wrote: > > > If i read this correctly, i'm under a denial of service attack. > > > > A few questions... > > > > 1) am i correct > > 2) if so, how can i trace where it is coming from? > > 3) how can i compensate? > > > > Dec 28 15:39:50 tenchi /kernel: Limiting icmp > unreach response > > from 323 to 200 packets per second > > You're just being nmap'd, nothing serious. If you want to track the scan, > install an IDS like nessus or something. > > Before you do that, though, I suggest that you upgrade to 4.4-stable; > the vulnerabilities in whatever ancient version of freebsd you're running > shoud worry you more than the portscan. > > Mike "Silby" Silbersack > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message