Dealing with portscans

2008-09-22 Thread David Allen
Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing or having to deal with an extra 20-30K entries in my logs as was the case recently. I use pf for firewalling, and while

Re: Dealing with portscans

2008-09-22 Thread Ghirai
On Mon, 22 Sep 2008 08:17:02 -0700 David Allen wrote: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing or having to deal with an extra 20-30K

Re: Dealing with portscans

2008-09-22 Thread Greg Larkin
David Allen wrote: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing or having to deal with an extra 20-30K entries in

Re: Dealing with portscans

2008-09-22 Thread Jeff Laine
2008/9/22 David Allen: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing or having to deal with an extra 20-30K entries in my logs as was the case

Re: Dealing with portscans

2008-09-22 Thread David Allen
On 9/22/08, Ghirai wrote: On Mon, 22 Sep 2008 08:17:02 -0700 David Allen wrote: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing

Re: Dealing with portscans

2008-09-22 Thread David Allen
On 9/22/08, Greg Larkin wrote: David Allen wrote: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would prefer not seeing or having to deal with an extra 20-30K entries

Re: Dealing with portscans

2008-09-22 Thread Grant Peel
- Original Message - From: David Allen To: freebsd-questions@freebsd.org Sent: Monday, September 22, 2008 4:06 PM Subject: Re: Dealing with portscans On 9/22/08, Greg Larkin wrote: David Allen wrote: Over the last few weeks I've been getting

Re: Dealing with portscans

2008-09-22 Thread Matthew Seaman
David Allen wrote: On 9/22/08, Ghirai wrote: On Mon, 22 Sep 2008 08:17:02 -0700 David Allen wrote: Over the last few weeks I've been getting numerous port scans, each from unique hosts. The situation is more of an annoyance than anything else, but I would

Re: Dealing with portscans

2008-09-22 Thread David Allen
On 9/22/08, Matthew Seaman wrote: David Allen wrote: On 9/22/08, Ghirai wrote: On Mon, 22 Sep 2008 08:17:02 -0700 David Allen wrote: However, receiving SYN packets to ports 1024-4 isn't going to match anything other than a default block

Re: Dealing with portscans

2008-09-22 Thread Matthew Seaman
David Allen wrote: On 9/22/08, Matthew Seaman wrote: Also consider the following sysctls:

    # Blackhole packets to ports without listeners
    net.inet.tcp.blackhole=1
    net.inet.udp.blackhole=1

although these will be redundant if your firewalling is effective. I wonder, though,