From owner-freebsd-security Wed Oct 10 1:42: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from rage.abc.ro (goanga.com [193.231.240.30]) by hub.freebsd.org (Postfix) with ESMTP id D1DF737B406 for ; Wed, 10 Oct 2001 01:41:59 -0700 (PDT) Received: from abc.ro (goanga.com [193.231.240.30]) by rage.abc.ro (8.11.3/8.11.3) with ESMTP id f9A8fpQ01892; Wed, 10 Oct 2001 11:41:52 +0300 (EEST) (envelope-from andrei@abc.ro) Message-ID: <3BC409CF.BC11F35E@abc.ro> Date: Wed, 10 Oct 2001 11:41:51 +0300 From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: de, ro, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Cc: Randy Lee Subject: Re: ipfw - DoS ? References: <20011009233730.11902.qmail@web20907.mail.yahoo.com> <200110100334.f9A3Yoh91437@oksala.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org anyhow, answering how to deny: deny ip from any to any 3072 or (a bit different and in the rc.firewall-file format): ${fwcmd} add unreach net all from any to any 3072 this answers to icmp "net unreacheable"... but it's better you choose an closed policy for default, and then you configure your firewall to pass through only what you want... maybe i'm wrong, but i guess this is best to do... aloha, ANdrei > > Is someone is DoS'ing my server ? > > > > How can i deny all connection from port :3072 and > > :1024 using ipfw ? > > I think it's useless to block non-listening ports > So it's certainly a port scan. Don't worry about it. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- "I live in my own little world - but it's ok, they know me here!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message