On Sun, 30 Sep 2007 09:41:00 -0700 Kurt Buff <[EMAIL PROTECTED]> wrote: > On 9/30/07, Chuck Swiger <[EMAIL PROTECTED]> wrote: > > Kurt Buff wrote: > > [ ... ] > > > +Limiting closed port RST response from 283 to 200 packets/sec > > > > > > I don't know what this means, though I suspect it could mean that I'm > > > being port scanned. Is this a reasonable guess? > > > > Yes. It could also be something beating really hard on a single closed > > port, too. > > > > -- > > -Chuck > > Thanks. This, coupled with some invalid SSH login attempts from a > known user, has made me quite suspicious. I think, though, that this > is all that I can call it at this point - suspcious. > > Anything further I could turn up to monitor/log what's going on?
It may help in spotting unwanted stuff getting past your firewall, to either add to /etc/rc.conf: log_in_vain="1" or (coming to the same thing) add to /etc/sysctl.conf: net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1 You can set the latter two sysctls immediately, of course. Cheers, Ian _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
