Re: [FUG-BR] Resposta TCPDUMP

Thu, 08 Jun 2006 08:47:17 -0700 

Em Qui, 2006-06-08 às 12:01 -0300, pocatea escreveu:
> caros amigos !!!
> 
> tenho um servidor freeBSD que de ums tempos pra ca minha tabela arp
> comecou a aparecer essass mensagem
> 
> ? (10.9.44.162) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.164) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.170) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.174) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.178) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.179) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.182) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.194) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.199) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.203) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.209) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.215) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.221) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.231) at (incomplete) on vr0 [ethernet] 
> ? (10.9.44.232) at 00:0e:a6:33:7b:15 on vr0 [ethernet]
> 
> parece que alguma maquina esta escaneando minha rede verifique qual
> era a maquina e rodei o seguinte comando
> 
> tcpdump -i vr0 host 10.9.43.98 e deu essa saida 
> 
> 13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S
> 703408187:703408187(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 
> 13:40:11.529882 10.9.43.98.4190 > 10.9.185.174.445: S
> 710861329:710861329(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 
> 13:40:11.558965 10.9.43.98.4191 > 10.9.12.43.445: S
> 710917250:710917250(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 
> 13:40:11.567472 207.46.0.88.1863 > 10.9.42.191.1039: P 1:9(8) ack 5
> win 65095
> 
> ja faco bloqueio das portas 135-139 e 445 via ipfw 
> 
> qual seria o comando pra fazer o bloqueio para que essa maquina nao
> escanei as outras redes
> 
> 
> -------------------------


Dá uma pesquisa no ports > portsentry

[]'s

-- 
Marcello Costa
BSD System Engineer
unixmafia at yahoo dot com dot br


                
_______________________________________________________ 
Abra sua conta no Yahoo! Mail: 1GB de espa�o, alertas de e-mail no celular e 
anti-spam realmente eficaz. 
http://mail.yahoo.com.br/

-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd

Responder a