On 2016/12/13 15:43, Michael Butler wrote: > On 12/13/16 10:29, Dimitry Andric wrote: > >> Somebody is most likely port scanning your machines. I see this all the >> time on boxes connected to the internet. > > As are mine. I wouldn't mind so much if the message contained sufficient > useful information that could be acted on, e.g. originating IP address > and, when appropriate, destination port. If you want that sort of information, you can use pf(4) with a default rule to log and reject connections to your system. (Plus rules to permit traffic to legitimate services, obviously.) You can also just 'drop' the denied connections rather than the default response of sending back an ICMP unreachable or reset response, which will save you sending out a lot of itty-bitty packets that the port scanners wouldn't pay attention to anyhow. Cheers, Matthew
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC