Log spam: Limiting * response from 1 to 200 packets/sec

Matthew Seaman matthew at FreeBSD.org
Tue Dec 13 15:53:04 UTC 2016


On 2016/12/13 15:43, Michael Butler wrote:
> On 12/13/16 10:29, Dimitry Andric wrote:
> 
>> Somebody is most likely port scanning your machines.  I see this all the
>> time on boxes connected to the internet.
> 
> As are mine. I wouldn't mind so much if the message contained sufficient
> useful information that could be acted on, e.g. originating IP address
> and, when appropriate, destination port.

If you want that sort of information, you can use pf(4) with a default
rule to log and reject connections to your system. (Plus rules to permit
traffic to legitimate services, obviously.)  You can also just 'drop'
the denied connections rather than the default response of sending back
an ICMP unreachable or reset response, which will save you sending out a
lot of itty-bitty packets that the port scanners wouldn't pay attention
to anyhow.

	Cheers,

	Matthew
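The default-deny, log-and-drop setup described above, as an added pf.conf example that is not part of the original post; the interface name `em0` and the list of permitted services are assumptions for illustration:

```pf
# /etc/pf.conf -- added example, not from the thread.
# Assumptions: external interface is em0; the host serves ssh, http, https.
ext_if = "em0"
tcp_services = "{ ssh, http, https }"

# Silently drop blocked packets instead of answering with an ICMP
# unreachable or a TCP reset (the default "return" behaviour).
set block-policy drop
set skip on lo0

scrub in on $ext_if all

# Default rule: deny everything and log each blocked packet to pflog0.
# The log entry carries the source address and destination port.
block log all

# Permit only the services this host actually provides.
pass in  on $ext_if proto tcp to ($ext_if) port $tcp_services keep state
pass in  on $ext_if inet proto icmp icmp-type echoreq keep state
pass out on $ext_if all keep state
```

Load with `pfctl -f /etc/pf.conf` and watch the blocked traffic, including originating IP and destination port, with `tcpdump -n -e -ttt -i pflog0`.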


