[FUG-BR] TCPDUMP reply
Marcello Costa
unixmafia at yahoo.com.br
Thursday June 8 12:44:50 BRT 2006
On Thu, 2006-06-08 at 12:01 -0300, pocatea wrote:
> Dear friends!!!
>
> I have a FreeBSD server, and for some time now my ARP table has
> started showing these messages
>
> ? (10.9.44.162) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.164) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.170) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.174) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.178) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.179) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.182) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.194) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.199) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.203) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.209) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.215) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.221) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.231) at (incomplete) on vr0 [ethernet]
> ? (10.9.44.232) at 00:0e:a6:33:7b:15 on vr0 [ethernet]
>
> It looks like some machine is scanning my network. I checked which
> machine it was and ran the following command
>
> tcpdump -i vr0 host 10.9.43.98 and it gave this output
>
> 13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S
> 703408187:703408187(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.529882 10.9.43.98.4190 > 10.9.185.174.445: S
> 710861329:710861329(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.558965 10.9.43.98.4191 > 10.9.12.43.445: S
> 710917250:710917250(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.567472 207.46.0.88.1863 > 10.9.42.191.1039: P 1:9(8) ack 5
> win 65095
>
> I already block ports 135-139 and 445 via ipfw
>
> What would be the command to do the blocking so that this machine
> does not scan the other networks?
>
>
> -------------------------
Take a look in ports > portsentry
Regards,
--
Marcello Costa
BSD System Engineer
unixmafia at yahoo dot com dot br
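
The scan visible in the quoted tcpdump output can be confirmed offline by counting how many distinct hosts each source sends bare SYNs to on the Windows RPC/SMB ports. This is an added example, not part of the original messages and not portsentry's logic; the function name `find_scanners` and the threshold of 3 distinct targets are assumptions.

```python
import re
from collections import defaultdict

# Old-style tcpdump text line, as in the quoted capture:
#   13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S
# The optional "IP" and "Flags [" parts also accept newer tcpdump output.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?:IP\s+)?"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+):\s+(?:Flags \[)?([A-Z.]+)"
)
# Ports the poster already filters with ipfw: 135-139 and 445.
WATCHED_PORTS = set(range(135, 140)) | {445}

# Lines taken from the quoted capture, wrapped as they appear in the mail.
SAMPLE = """\
> 13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S
> 703408187:703408187(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.529882 10.9.43.98.4190 > 10.9.185.174.445: S
> 710861329:710861329(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.558965 10.9.43.98.4191 > 10.9.12.43.445: S
> 710917250:710917250(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> 13:40:11.567472 207.46.0.88.1863 > 10.9.42.191.1039: P 1:9(8) ack 5
> win 65095
""".splitlines()


def find_scanners(lines, min_targets=3):
    """Return {src_ip: sorted distinct dst IPs} for sources that sent bare
    SYNs on watched ports to at least min_targets different hosts."""
    targets = defaultdict(set)
    for raw in lines:
        line = raw.lstrip("> ").strip()  # drop mail quote markers
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation line or non-TCP traffic
        src, _sport, dst, dport, flags = m.groups()
        # "S" alone is a connection attempt; skip SYN-ACK replies.
        if flags == "S" and " ack " not in line and int(dport) in WATCHED_PORTS:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_scanners(SAMPLE).items():
        print(f"{src} sent SYNs to {len(dsts)} hosts: {', '.join(dsts)}")
```
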