<HTML> <HEAD> <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type> <META content="OPENWEBMAIL" name=GENERATOR> </HEAD> <BODY bgColor=#ffffff> caros amigos !!! tenho um servidor freeBSD que de ums tempos pra ca minha tabela arp comecou a aparecer essass mensagem ? (10.9.44.162) at (incomplete) on vr0 [ethernet] ? (10.9.44.164) at (incomplete) on vr0 [ethernet] ? (10.9.44.170) at (incomplete) on vr0 [ethernet] ? (10.9.44.174) at (incomplete) on vr0 [ethernet] ? (10.9.44.178) at (incomplete) on vr0 [ethernet] ? (10.9.44.179) at (incomplete) on vr0 [ethernet] ? (10.9.44.182) at (incomplete) on vr0 [ethernet] ? (10.9.44.194) at (incomplete) on vr0 [ethernet] ? (10.9.44.199) at (incomplete) on vr0 [ethernet] ? (10.9.44.203) at (incomplete) on vr0 [ethernet] ? (10.9.44.209) at (incomplete) on vr0 [ethernet] ? (10.9.44.215) at (incomplete) on vr0 [ethernet] ? (10.9.44.221) at (incomplete) on vr0 [ethernet] ? (10.9.44.231) at (incomplete) on vr0 [ethernet] ? (10.9.44.232) at 00:0e:a6:33:7b:15 on vr0 [ethernet] parece que alguma maquina esta escaneando minha rede verifique qual era a maquina e rodei o seguinte comando tcpdump -i vr0 host 10.9.43.98 e deu essa saida 13:40:11.511986 10.9.43.98.4049 > 10.9.248.222.135: S 703408187:703408187(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 13:40:11.529882 10.9.43.98.4190 > 10.9.185.174.445: S 710861329:710861329(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 13:40:11.558965 10.9.43.98.4191 > 10.9.12.43.445: S 710917250:710917250(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) 13:40:11.567472 207.46.0.88.1863 > 10.9.42.191.1039: P 1:9(8) ack 5 win 65095 ja faco bloqueio das portas 135-139 e 445 via ipfw qual seria o comando pra fazer o bloqueio para que essa maquina nao escanei as outras redes </BODY> </HTML>