help - under attack

Mike Tancsa mike at
Sun Oct 1 17:11:15 UTC 2017

On 10/1/2017 11:18 AM, Ernie Luzar wrote:
> Hello list;
> Installed 11.1 from scratch and after about 2-3 weeks I finally got
> around to inspecting the /var/logs. I have never seen the auth.log file
> roll over before, so this peaked my interest. It was full of failed
> login attempts. My firewall blocks all inbound traffic, so I am very
> baffled be what I see in the log. Any suggestions on how this can be
> happening?

Is your firewall your default gateway on the FreeBSD box ?

Run tcpdump with the -e option as well to see what MAC address is
forwarding the traffic.  So if you have igb0 as the nic with the default

tcpdump -nei igb0 -c 20 port 22

then use arp -na to match the IP address to the MAC address to confirm
it is the host forwarding traffic you think it is. Also double check
your firewall to make sure the rules are working as you expect.


Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at
Providing Internet services since 1994
Cambridge, Ontario Canada

More information about the freebsd-questions mailing list