Hey all, Sorry This email has been sent to freebsd LIST by mistake, it suppoze to go for the ISP :) anyhow thanks Dragoncrest for the hint and details it was usefull. the ISP now has a BCC of this email.
Marwan On Fri, 28 Nov 2003 20:11:23 -0500, Dragoncrest wrote > It may be best to do two things. 1st would be to disable > pings to and from the server at the router by putting in an ACL on > the router. The second thing you'll want to do is block access to > that machine via the router from any suspect IP's or IP blocks that > you suspect might be attacking your machine. They already know it's > there, so they're going to begin or continue to try to attack it now, > so you'll want to block them from being able to access it now. Once > you've done that, keep an eye on your machine for a while for any > other possible attacks. Once they stop and nothing shows up for > about 2 weeks it should be safe to remove the ACL's from the router, > but continue to monitor it for a while longer just to be sure and > add them back if nessisary. > > At 11:36 PM 11/28/03 +0300, Marwan Sultan wrote: > >Hello Tech. > > > > For the past few days, i had troubles connecting to my KIFCO server > > Kifco.net > > And at night around ( 23:30 GMT ) and the following hours i cannot > > connect at all, it connect for 1 second then everything lags, > > I can see slow connections and lagged ones. > > > > After all when im able to connect to the machine, I checked the dmesg log > > I found the follow : > > > >Limiting closed port RST response from 268 to 200 packets per second > >Limiting closed port RST response from 302 to 200 packets per second > >Limiting closed port RST response from 296 to 200 packets per second > >Limiting closed port RST response from 213 to 200 packets per second > >Limiting closed port RST response from 272 to 200 packets per second > > > > Which consider a PORTSCAN and an ATTACK. > > > > Also as I know from my friend on IRC DALnet network that dragons.dal.net > > is hosted in maxim, and just in this second its disconnected. > > Maybe because of an IRC server you have this attack? > > I had two IRC servers on DALnet in Past, and im familier with this trouble. > > anyhow, IRC is not my part of concern or who owns it. > > Kifco is my concern. > > Can you disable all PINGS from router to my server? > > Please can you update me and check this issue? > > > > Your updating for me, is really appreciate it > > > > Thank you. > > > >-- > >Marwan Sultan > >Network Administrator > > > >_______________________________________________ > >[EMAIL PROTECTED] mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >To unsubscribe, send any mail to "freebsd-questions- [EMAIL PROTECTED]" -- Marwan Sultan Network Administrator _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
