Security report question
smithi at nimnet.asn.au
Sun Sep 30 20:25:20 PDT 2007
On Sun, 30 Sep 2007 09:41:00 -0700 Kurt Buff <kurt.buff at gmail.com> wrote:
> On 9/30/07, Chuck Swiger <cswiger at mac.com> wrote:
> > Kurt Buff wrote:
> > [ ... ]
> > > +Limiting closed port RST response from 283 to 200 packets/sec
> > >
> > > I don't know what this means, though I suspect it could mean that I'm
> > > being port scanned. Is this a reasonable guess?
> > Yes. It could also be something beating really hard on a single closed port, too.
> > --
> > -Chuck
> Thanks. This, coupled with some invalid SSH login attempts from a
> known user, has made me quite suspicious. I think, though, that this
> is all that I can call it at this point - suspcious.
> Anything further I could turn up to monitor/log what's going on?
It may help in spotting unwanted stuff getting past your firewall,
to either add to /etc/rc.conf:
or (coming to the same thing) add to /etc/sysctl.conf:
You can set the latter two sysctls immediately, of course.
More information about the freebsd-questions