dragoncrest at voyager.net
Fri Nov 28 17:01:27 PST 2003
It may be best to do two things. 1st would be to disable pings to
and from the server at the router by putting in an ACL on the router. The
second thing you'll want to do is block access to that machine via the
router from any suspect IP's or IP blocks that you suspect might be
attacking your machine. They already know it's there, so they're going to
begin or continue to try to attack it now, so you'll want to block them
from being able to access it now. Once you've done that, keep an eye on
your machine for a while for any other possible attacks. Once they stop
and nothing shows up for about 2 weeks it should be safe to remove the
ACL's from the router, but continue to monitor it for a while longer just
to be sure and add them back if nessisary.
At 11:36 PM 11/28/03 +0300, Marwan Sultan wrote:
> For the past few days, i had troubles connecting to my KIFCO server
> And at night around ( 23:30 GMT ) and the following hours i cannot
> connect at all, it connect for 1 second then everything lags,
> I can see slow connections and lagged ones.
> After all when im able to connect to the machine, I checked the dmesg log
> I found the follow :
>Limiting closed port RST response from 268 to 200 packets per second
>Limiting closed port RST response from 302 to 200 packets per second
>Limiting closed port RST response from 296 to 200 packets per second
>Limiting closed port RST response from 213 to 200 packets per second
>Limiting closed port RST response from 272 to 200 packets per second
> Which consider a PORTSCAN and an ATTACK.
> Also as I know from my friend on IRC DALnet network that dragons.dal.net
> is hosted in maxim, and just in this second its disconnected.
> Maybe because of an IRC server you have this attack?
> I had two IRC servers on DALnet in Past, and im familier with this trouble.
> anyhow, IRC is not my part of concern or who owns it.
> Kifco is my concern.
> Can you disable all PINGS from router to my server?
> Please can you update me and check this issue?
> Your updating for me, is really appreciate it
> Thank you.
>freebsd-questions at freebsd.org mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions