Date: Sat, 31 Aug 2024 12:02:11 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: Pete French <pete@twisted.org.uk> Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: How to diagnose "Limiting closed port RST response from 213 to 205 packets/sec" ? Message-ID: <CAN6yY1vPXzAP3nTyOB1RM6GLWn5iLkePGMbyaPbtaYG5xqn9DQ@mail.gmail.com> In-Reply-To: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk> References: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000053fd050620ff595a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Aug 31, 2024 at 7:32=E2=80=AFAM Pete French <pete@twisted.org.uk> w= rote: > So I am running some servers with 14.1-STABLE, pretty standard - Apache > + mysql setup, and I am seeing a lot of the above messages. I have > always seen these form time to time, but recently I have had compmnaits > from a customer about the webservers being unavailable, and the times > they give correspond to bursts of these errors. > > I dont see any other errors, and am wondering how to get more info about > this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the > port that is closed would be ideal. I have a feeling that the closed > port is the one which Apaxche is suppsoed to be listenin gon (I cant > think of nay other ports which would get hammered), but that should > never be closed. > > Any advice ? > > -pete. > These are not errors. It is telling you that someone is likely doing something wrong, probably by error but possibly rudely. I believe that it means that a closed port is receiving a lot of SYNs. See the discussion on BSD forums <https://forums.freebsd.org/threads/limiting-closed-port-rst-response.72131= /> . --=20 Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 --00000000000053fd050620ff595a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon= t-family:tahoma,sans-serif;font-size:small">On Sat, Aug 31, 2024 at 7:32=E2= =80=AFAM Pete French <<a href=3D"mailto:pete@twisted.org.uk">pete@twiste= d.org.uk</a>> wrote:</div></div><div class=3D"gmail_quote"><blockquote c= lass=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px soli= d rgb(204,204,204);padding-left:1ex">So I am running some servers with 14.1= -STABLE, pretty standard - Apache <br> + mysql setup, and I am seeing a lot of the above messages. I have <br> always seen these form time to time, but recently I have had compmnaits <br= > from a customer about the webservers being unavailable, and the times <br> they give correspond to bursts of these errors.<br> <br> I dont see any other errors, and am wondering how to get more info about <b= r> this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the <br> port that is closed would be ideal. I have a feeling that the closed <br> port is the one which Apaxche is suppsoed to be listenin gon (I cant <br> think of nay other ports which would get hammered), but that should <br> never be closed.<br> <br> Any advice ?<br> <br> -pete.<br></blockquote><div><br></div><div style=3D"font-family:tahoma,sans= -serif;font-size:small" class=3D"gmail_default">These are not errors. It is= telling you that someone is likely doing something wrong, probably by erro= r but possibly rudely.</div><div style=3D"font-family:tahoma,sans-serif;fon= t-size:small" class=3D"gmail_default"><br></div><div style=3D"font-family:t= ahoma,sans-serif;font-size:small" class=3D"gmail_default">I believe that it= means that a closed port is receiving a lot of SYNs. See the discussion on= <a href=3D"https://forums.freebsd.org/threads/limiting-closed-port-rst-res= ponse.72131/">BSD forums</a>.<br></div></div><br clear=3D"all"><br><span cl= ass=3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmai= l_signature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><= div><div dir=3D"ltr">Kevin Oberman, Part time kid herder and retired Networ= k Engineer<br>E-mail: <a href=3D"mailto:rkoberman@gmail.com" target=3D"_bla= nk">rkoberman@gmail.com</a><br></div><div>PGP Fingerprint: D03FB98AFA78E3B7= 8C1694B318AB39EF1B055683</div></div></div></div></div></div></div></div></d= iv> --00000000000053fd050620ff595a--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vPXzAP3nTyOB1RM6GLWn5iLkePGMbyaPbtaYG5xqn9DQ>