Possible Attack?
Troy G.
troyg at digitek-solutions.com
Wed Jun 22 03:12:31 GMT 2005
Hi all,
I was going through a few servers tonight and came across this in
/var/log/messages. This particular server functions mainly as our
primary webserver. It's running FreeBSD 4.8-RELEASE. I decided to take
a closer look to see what was generating these entries by loading up
trafshow. I noticed quite a bit of ICMP requests coming in. I created
an access-list on the Cisco and filtered ICMP to this host and the
messages kept logging. It's obvious I didn't see any ICMP anymore on
the server but is this system under a heavy load? I don't see the load
being that high according to top. Any suggestions?
Jun 21 21:50:55 mx1 /kernel: Limiting closed port RST response from 230 to 200 packets per second
Jun 21 21:51:23 mx1 /kernel: Limiting closed port RST response from 222 to 200 packets per second
Jun 21 21:53:02 mx1 /kernel: Limiting closed port RST response from 230 to 200 packets per second
TIA,
Troy
More information about the freebsd-questions mailing list