Date: Thu, 4 Nov 2004 13:53:01 -0500
From: Charles Swiger <cswiger@mac.com>
To: Nathan Kinkade <nkinkade@ub.edu.bz>
Cc: freebsd-questions@freebsd.org
Subject: Re: kernel: Limiting open port RST
Message-ID: <C0C39C5D-2E92-11D9-8097-003065ABFD92@mac.com>
In-Reply-To: <20041104181808.GR13601@gentoo-npk.bmp.ub>
References: <20041104181808.GR13601@gentoo-npk.bmp.ub>
On Nov 4, 2004, at 1:18 PM, Nathan Kinkade wrote:

> I am getting a tremendous amount of messages on a particular server
> saying something close to:
>
> kernel: Limiting open port RST response from 302 to 200 packets/sec

This generally means the system is being portscanned.

> I understand the reasons for the message, but I'm having a hard time
> tracking down a possible point source. Neither ethereal nor tcpdump
> seem to be picking up any packets with the TCP RST bit set. I have
> tried this, for example:

[ ... ]

> TCP and UDP blackhole sysctls are also already
> set up, and it appears that the RST packets are being sent out to
> internet hosts with a dstport of 80. The machine being affected is
> running squid.

If you turn on the blackhole sysctls, then your machine will not
generate RST packets. Caveat operator. :-)

> Does anyone have advice on this?

If this machine is not supposed to be completely exposed on the 'net,
consider putting it behind a firewall.

-- 
-Chuck
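As an added example (not part of the original thread and not written by either poster), the POSIX shell script below does the triage step the question asks about: it summarises the kernel "Limiting ... RST response" messages in a syslog excerpt, counting the rate-limited seconds, extracting the peak attempted RST rate and bucketing events per minute so a scan burst stands out from background noise. It assumes the standard FreeBSD syslog line layout shown in the quoted message; the log lines embedded in it are constructed sample data. The sysctl names in the comments (net.inet.icmp.icmplim for the limit itself, net.inet.tcp.blackhole and net.inet.udp.blackhole for the blackhole behaviour the thread discusses) are real FreeBSD sysctls; the interface name is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise FreeBSD
# "Limiting ... RST response" rate-limit messages from a syslog excerpt.
# The log lines below are constructed sample data, not the poster's log.
SAMPLE_LOG='Nov  4 13:01:02 proxy kernel: Limiting open port RST response from 302 to 200 packets/sec
Nov  4 13:01:03 proxy kernel: Limiting open port RST response from 451 to 200 packets/sec
Nov  4 13:01:04 proxy sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 51234 ssh2
Nov  4 13:01:05 proxy kernel: Limiting open port RST response from 260 to 200 packets/sec
Nov  4 13:02:10 proxy kernel: Limiting closed port RST response from 310 to 200 packets/sec'

# count_rst_limit_events: how many rate-limit messages (open or closed port)
# appear on stdin. Each one means the kernel capped RST output for one second.
count_rst_limit_events() {
    grep -c 'kernel: Limiting [a-z]* port RST response' || true
}

# peak_attempted_rate: the largest "from N" value, i.e. how many RSTs per
# second the host tried to send in its worst second. The "to M" value is
# the cap, net.inet.icmp.icmplim on FreeBSD.
peak_attempted_rate() {
    awk '/RST response from/ { n = $(NF-3) + 0; if (n > max) max = n }
         END { print max + 0 }'
}

# events_per_minute: bucket the messages by HH:MM so a burst (a scan)
# stands out from steady background noise. Output lines: "HH:MM count".
events_per_minute() {
    awk '/RST response from/ { split($3, t, ":"); k = t[1] ":" t[2]; c[k]++ }
         END { for (k in c) print k, c[k] }' | sort
}

# Next steps on the FreeBSD host itself (not executed here): read the
# current limit and blackhole settings, and capture only RST segments so
# the peers involved can be identified (<iface> is a placeholder):
#   sysctl net.inet.icmp.icmplim net.inet.tcp.blackhole net.inet.udp.blackhole
#   tcpdump -ni <iface> 'tcp[tcpflags] & tcp-rst != 0'

# Stand-alone run: report on the constructed sample.
printf 'rate-limit events: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_rst_limit_events)"
printf 'peak attempted RST rate: %s/sec\n' "$(printf '%s\n' "$SAMPLE_LOG" | peak_attempted_rate)"
printf '%s\n' "$SAMPLE_LOG" | events_per_minute
```

Feed it the real log with `grep 'RST response' /var/log/messages | events_per_minute` to see whether the messages cluster in a few minutes (typical of a scan) or run continuously (more likely a misbehaving peer or an application issue on the host). The awk field positions rely on the message text ending in "from N to M packets/sec", which is the wording quoted in the thread.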