|
caros amigos !!!
tenho um servidor freeBSD que de ums tempos pra ca minha tabela arp comecou a aparecer essass mensagem
? (10.9.44.162) at (incomplete) on vr0 [ethernet]
? (10.9.44.164) at (incomplete) on vr0 [ethernet]
? (10.9.44.170) at (incomplete) on vr0 [ethernet]
? (10.9.44.174) at (incomplete) on vr0 [ethernet]
? (10.9.44.178) at (incomplete) on vr0 [ethernet]
? (10.9.44.179) at (incomplete) on vr0 [ethernet]
? (10.9.44.182) at (incomplete) on vr0 [ethernet]
? (10.9.44.194) at (incomplete) on vr0 [ethernet]
? (10.9.44.199) at (incomplete) on vr0 [ethernet]
? (10.9.44.203) at (incomplete) on vr0 [ethernet]
? (10.9.44.209) at (incomplete) on vr0 [ethernet]
? (10.9.44.215) at (incomplete) on vr0 [ethernet]
? (10.9.44.221) at (incomplete) on vr0 [ethernet]
? (10.9.44.231) at (incomplete) on vr0 [ethernet]
? (10.9.44.232) at 00:0e:a6:33:7b:15 on vr0 [ethernet]
parece que alguma maquina esta escaneando minha rede verifique qual era a maquina e rodei o seguinte comando
tcpdump -i vr0 host 10.9.43.98 e deu essa saida
13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S 703408187:703408187(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:40:11.529882 10.9.43.98.4190 > 10.9.185.174.445: S 710861329:710861329(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:40:11.558965 10.9.43.98.4191 > 10.9.12.43.445: S 710917250:710917250(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
13:40:11.567472 207.46.0.88.1863 > 10.9.42.191.1039: P 1:9(8) ack 5 win 65095
ja faco bloqueio das portas 135-139 e 445 via ipfw
qual seria o comando pra fazer o bloqueio para que essa maquina nao escanei as outras redes
| 
