Date: Sat, 31 Mar 2001 16:06:04 +0200
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: freebsd-stable@FreeBSD.ORG, nturki@adelphia.net
Subject: Re: Limiting closed port RST response
Message-ID: <MYhlSUh5/l@dmeyer.dinoex.sub.org>
References: <3AC57013.7801BB31@adelphia.net>
Nader Turki wrote:

> Mar 30 18:43:03 shell /kernel: Limiting closed port RST response from
> 2014 to 200 packets per second

Somebody sends a hell of a lot of packages to your IP.
Someone spoofs an IP and might use your server to bounce the packages
against someone else.

> Mar 30 20:56:03 shell /kernel: xl0: promiscuous mode enabled
> Mar 30 20:56:42 shell /kernel: xl0: promiscuous mode disabled
> Mar 30 20:56:42 shell /kernel: xl0: promiscuous mode enabled
> Mar 30 20:57:03 shell /kernel: xl0: promiscuous mode disabled
> Mar 30 20:58:42 shell /kernel: xl0: promiscuous mode enabled
> Mar 30 20:58:42 shell /kernel: xl0: promiscuous mode disabled

Did you use tcpdump or ngrep?

> the isp is telling me that it's going out of the machine. nobody got
> root but me and even after i killed all the procs. it kept doing the
> same thing.

Please watch your network; your box could be exploited.
Take it offline and find out what it does.

Activate a packet firewall to filter this at least.
Look into /etc/rc.firewall, then activate the option that fits best.

To watch what is happening, call "init 1" and run tcpdump
from your console. Processes may be hiding, but in single-user mode
you are safer against an installed "rootkit".

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MYhlSUh5/l>