Limiting closed port RST response
Jez Hancock
jez.hancock at munk.nu
Fri Jun 20 09:35:42 PDT 2003
On Fri, Jun 20, 2003 at 09:55:19AM +0100, Matthew Ryan wrote:
> Could this be a DOS attack?
It could be, but more likely it's someone trying to determine what ports
are open with a tool such as nmap.
> Where do I find a more detailed log?
Configure a firewall such as ipf and make sure you opt to log blocked
packets.
> I'm running FreeBSD 4.8 Release - the box is basically just a gateway
> router running natd and dhcpd.
ipf and ipnat run nicely together to provide a combination of nat and
filtering - although if you already have nat running it's probably best
just to configure a basic ipf firewall that allows just the traffic you
want. Have a look here for more info on ipf:
http://munk.nu/ipf/
My old rulesets for ipf are here:
http://munk.nu/ipf/mboxen/
Regards,
Jez
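
Added example, not part of the original post: once blocked packets are being logged, a short script can tell the two cases discussed above apart, since a port scan shows one source touching many distinct ports while a flood shows many packets aimed at very few. The log lines are constructed, their `src,sport -> dst,dport PR proto` layout is an assumption to adapt to your real log output, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Matches blocked ("b") entries only. The line layout is an assumption made
# for this example; adjust the pattern to the format your firewall logs.
LINE_RE = re.compile(
    r"\bb\s+(?P<src>[\d.]+),\d+\s+->\s+[\d.]+,(?P<dport>\d+)\s+PR\s+\w+"
)


def build_sample_log():
    """Constructed sample data: one scanner, one flooder, one stray packet."""
    lines = [
        f"09:12:01 fxp0 b 203.0.113.7,40000 -> 192.0.2.1,{port} PR tcp"
        for port in (21, 22, 23, 25, 80, 110)
    ]
    lines += [
        f"09:12:02 fxp0 b 198.51.100.9,{50000 + i} -> 192.0.2.1,80 PR tcp"
        for i in range(8)
    ]
    lines.append("09:12:03 fxp0 b 198.51.100.44,51000 -> 192.0.2.1,445 PR tcp")
    # A passed ("p") packet: not a blocked entry, so it must be ignored.
    lines.append("09:12:04 fxp0 p 192.0.2.50,1025 -> 192.0.2.1,53 PR udp")
    return lines


def classify_sources(lines, scan_ports=5, flood_packets=8):
    """Label each source of blocked packets as port-scan, flood or noise."""
    ports = defaultdict(set)   # source -> distinct destination ports
    count = defaultdict(int)   # source -> number of blocked packets
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ports[m["src"]].add(int(m["dport"]))
        count[m["src"]] += 1
    verdicts = {}
    for src, packets in count.items():
        if len(ports[src]) >= scan_ports:
            verdicts[src] = "port-scan"   # many different ports probed
        elif packets >= flood_packets:
            verdicts[src] = "flood"       # high volume, few ports
        else:
            verdicts[src] = "noise"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(build_sample_log()).items()):
        print(f"{src:15} {verdict}")
```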