Date:      Thu, 1 Aug 2002 17:37:55 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Anshuman Kanwar <akanwar@engineering.ucsb.edu>
Cc:        freebsd-questions@freebsd.org, <freebsd-net@freebsd.org>
Subject:   Re: RST limit and ICMP_BANDLIM
Message-ID:  <20020801172948.Y17087-100000@patrocles.silby.com>
In-Reply-To: <Pine.LNX.4.33.0202060714280.12511-100000@linux22.engr.ucsb.edu>

On Thu, 1 Aug 2002, Anshuman Kanwar wrote:

> Hi all,
>
> I understand that RST packets are returned for TCP packets that are
> received for closed ports. And a log message of the form:
>
> Limiting closed port RST response from 233 to 200 packets per second
>
>
> is generated.
>
> My questions about this are:
>
>  1) What happens if the packets are dropped without returning a RST?
> Will this be against RFC specs?

Technically, yes.  In practice, rate limiting won't break anything.
(Well, unless DoS packets are getting all the RST responses, in which case
all hell has broken loose anyway.)

>  2) Is there a kernel option to enable the above behavior? I could not
> find anything in LINT.

I'm not sure what you're asking.

>  3) What is ICMP_BANDLIM? And is it in any way related to these RST
> responses? If it is, then should it not be called TCP_RST_LIMIT?
>
>     I am confused. Are we talking TCP or ICMP?

The ICMP_BANDLIM feature affects 5 different types of responses, see
the function badport_bandlim in ip_icmp.c.  The option was removed and
made a mandatory feature in 5.0, but it will continue to be called
ICMP_BANDLIM in 4.x.  Renaming it would just result in most people getting
annoyed at kernel configs changing.

> I searched the archives but they generally do not talk beyond saying that
> these messages are generated by NMAP scans. I need more details.

Because you're being attacked, or because I'm doing your homework for you?
:)

Mike "Silby" Silbersack
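
A simplified model of a per-second response limiter that produces the log line quoted in the thread, added here as an illustration; it is not the FreeBSD source or code from either poster, and the struct and function names are hypothetical. It replays a constructed burst of 233 closed-port probes in one second against a limit of 200, the two figures from the quoted message.

```c
#include <stdio.h>

/* Simplified model only (not FreeBSD source); all names are hypothetical. */
struct bandlim {
    const char *label;  /* response type named in the log line */
    long window;        /* the second the current count belongs to */
    int seen;           /* responses requested during that second */
    int limit;          /* responses allowed per second */
};

/* Close the current window. If more responses were requested than allowed,
 * write the log line into `log`. Returns how many responses were suppressed. */
static int bandlim_roll(struct bandlim *b, long now, char *log, size_t n)
{
    int dropped = 0;
    if (log && n)
        log[0] = '\0';
    if (b->seen > b->limit) {
        dropped = b->seen - b->limit;
        if (log && n)
            snprintf(log, n, "Limiting %s from %d to %d packets per second",
                     b->label, b->seen, b->limit);
    }
    b->window = now;
    b->seen = 0;
    return dropped;
}

/* Called for each response the stack wants to send at time `now` (seconds).
 * Returns 1 if the response may go out, 0 if it is silently dropped. */
static int bandlim_allow(struct bandlim *b, long now)
{
    if (now != b->window)
        bandlim_roll(b, now, NULL, 0);
    b->seen++;
    return b->seen <= b->limit;
}

/* Replay a constructed burst of `count` closed-port probes within second
 * `sec`; returns how many RSTs were actually sent. */
static int replay_burst(struct bandlim *b, long sec, int count)
{
    int sent = 0;
    for (int i = 0; i < count; i++)
        sent += bandlim_allow(b, sec);
    return sent;
}

int main(void)
{
    struct bandlim rst = { "closed port RST response", 0, 0, 200 };
    char log[128];
    int sent = replay_burst(&rst, 1, 233);
    int dropped = bandlim_roll(&rst, 2, log, sizeof log);
    printf("sent %d, dropped %d\n%s\n", sent, dropped, log);
    return 0;
}
```

In this model the "from" figure counts responses the stack wanted to send and the "to" figure counts those it was allowed to send, so the difference is the number of probes that received no RST.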

