security issue.
Marwan Sultan
Admin at kifco.net
Fri Nov 28 17:28:28 PST 2003
Hey all,
Sorry, this email was sent to the freebsd LIST by mistake,
it was supposed to go to the ISP :)
Anyhow, thanks Dragoncrest for the hint and details, it was useful.
The ISP now has a BCC of this email.
Marwan
On Fri, 28 Nov 2003 20:11:23 -0500, Dragoncrest wrote
> It may be best to do two things. 1st would be to disable
> pings to and from the server at the router by putting in an ACL on
> the router. The second thing you'll want to do is block access to
> that machine via the router from any suspect IP's or IP blocks that
> you suspect might be attacking your machine. They already know it's
> there, so they're going to begin or continue to try to attack it now,
> so you'll want to block them from being able to access it now. Once
> you've done that, keep an eye on your machine for a while for any
> other possible attacks. Once they stop and nothing shows up for
> about 2 weeks it should be safe to remove the ACL's from the router,
> but continue to monitor it for a while longer just to be sure and
> add them back if necessary.
>
> At 11:36 PM 11/28/03 +0300, Marwan Sultan wrote:
> >Hello Tech.
> >
> > For the past few days, I had trouble connecting to my KIFCO server
> > Kifco.net
> > And at night around ( 23:30 GMT ) and the following hours I cannot
> > connect at all, it connects for 1 second then everything lags,
> > I can see slow connections and lagged ones.
> >
> > After all, when I'm able to connect to the machine, I checked the dmesg log
> > I found the following :
> >
> >Limiting closed port RST response from 268 to 200 packets per second
> >Limiting closed port RST response from 302 to 200 packets per second
> >Limiting closed port RST response from 296 to 200 packets per second
> >Limiting closed port RST response from 213 to 200 packets per second
> >Limiting closed port RST response from 272 to 200 packets per second
> >
> > Which is considered a PORTSCAN and an ATTACK.
> >
> > Also, as I know from my friend on the IRC DALnet network, dragons.dal.net
> > is hosted in maxim, and just in this second it's disconnected.
> > Maybe because of an IRC server you have this attack?
> > I had two IRC servers on DALnet in the past, and I'm familiar with this trouble.
> > Anyhow, IRC is not my part of concern or who owns it.
> > Kifco is my concern.
> > Can you disable all PINGS from router to my server?
> > Please can you update me and check this issue?
> >
> > Your updating me is really appreciated
> >
> > Thank you.
> >
> >--
> >Marwan Sultan
> >Network Administrator
> >
--
Marwan Sultan
Network Administrator
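
Added example, not part of the original thread: a small Python tally of the "Limiting ... response" kernel notices quoted above, showing how often and by how much the 200 packets-per-second cap was exceeded, so the numbers can accompany a request for router ACLs. The function names, the unrelated sample line, and the wider pattern (any response type, an optional syslog prefix, a "packets/sec" spelling) are assumptions that go beyond the five lines on the page.

```python
import re
from collections import defaultdict

# Matches the kernel rate-limit notice quoted in the thread. The response-type
# group is left open so other notices sharing this template are counted too
# (assumption: the thread itself only shows "closed port RST").
LIMIT_RE = re.compile(
    r"Limiting (?P<kind>.+?) response from (?P<seen>\d+) to (?P<cap>\d+) "
    r"packets(?: per second|/sec)"
)

# The five dmesg lines from the thread, plus one constructed unrelated line.
SAMPLE = """\
Limiting closed port RST response from 268 to 200 packets per second
Limiting closed port RST response from 302 to 200 packets per second
Limiting closed port RST response from 296 to 200 packets per second
xl0: promiscuous mode enabled
Limiting closed port RST response from 213 to 200 packets per second
Limiting closed port RST response from 272 to 200 packets per second
"""

def summarize(text):
    """Per response type: notice count, peak rate, cap, responses held back."""
    stats = defaultdict(
        lambda: {"events": 0, "peak": 0, "cap": 0, "suppressed": 0})
    for line in text.splitlines():
        m = LIMIT_RE.search(line)  # search() tolerates a syslog prefix
        if not m:
            continue
        seen, cap = int(m["seen"]), int(m["cap"])
        entry = stats[m["kind"]]
        entry["events"] += 1
        entry["peak"] = max(entry["peak"], seen)
        entry["cap"] = cap
        entry["suppressed"] += max(0, seen - cap)
    return dict(stats)

def worth_escalating(stats, min_events=3):
    """Response types that hit the cap repeatedly, highest peak first."""
    hits = [(kind, s) for kind, s in stats.items() if s["events"] >= min_events]
    return [kind for kind, _ in sorted(hits, key=lambda ks: -ks[1]["peak"])]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for kind in worth_escalating(report):
        print(kind, report[kind])
```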