On 2016/12/13 15:43, Michael Butler wrote:
> On 12/13/16 10:29, Dimitry Andric wrote:
>> Somebody is most likely port scanning your machines.  I see this all the
>> time on boxes connected to the internet.
> As are mine. I wouldn't mind so much if the message contained sufficient
> useful information that could be acted on, e.g. originating IP address
> and, when appropriate, destination port.

If you want that sort of information, you can use pf(4) with a default
rule to log and reject connections to your system. (Plus rules to permit
traffic to legitimate services, obviously.)  You can also just 'drop'
the denied connections rather than the default response of sending back
an ICMP unreachable or reset response, which will save you sending out a
lot of itty-bitty packets that the port scanners wouldn't pay attention
to anyhow.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to