Delivered-To: freebsd-questions@freebsd.org
Date: Thu, 1 Aug 2002 15:06:19 -0700 (PDT)
From: Anshuman Kanwar
Subject: RST limit and ICMP_BANDLIM
In-Reply-To: <3C2F6ADA.95396383@expertcity.com>

Hi all,

I understand that RST packets are returned for TCP packets that are received for closed ports. And a log message of the form:

    Limiting closed port RST response from 233 to 200 packets per second

is generated.

My questions about this are:

1) What happens if the packets are dropped without returning an RST? Will this be against RFC specs?

2) Is there a kernel option to enable the above behavior? I could not find anything in LINT.

3) What is ICMP_BANDLIM? And is it in any way related to these RST responses? If it is, then should it not be called TCP_RST_LIMIT?

I am confused. Are we talking TCP or ICMP? I searched the archives, but they generally do not talk beyond saying that these messages are generated by NMAP scans. I need more details.

Thanks for any replies,
-ansh