Date: Fri, 2 Sep 2005 20:15:15 +1000
From: Jerahmy Pocott <quakenet1@optusnet.com.au>
To: Dark Star <dead_line@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Limiting closed port
Message-ID: <8251946A-F176-4BE2-B60E-AF6D9F79FB03@optusnet.com.au>
In-Reply-To: <BAY20-F293FDFDBA0654AFB8BCE3A9AA00@phx.gbl>
References: <BAY20-F293FDFDBA0654AFB8BCE3A9AA00@phx.gbl>

On 01/09/2005, at 7:20 PM, Dark Star wrote:

>
> Hello all,
>
> I'm on FreeBSD 4.8-R
> my logs since over 4 months always complaining from the following:
>
> /kernel: Limiting closed port RST response from 243 to 200 packets per second
> /kernel: Limiting closed port RST response from 222 to 200 packets per second
> /kernel: Limiting closed port RST response from 238 to 200 packets per second
>
> I think it's some type of scan or attack.

A scan.. If someone tries to connect to a port that has no service
attached to it, by default the server will send a RST (reset) packet
back (for TCP).. Someone is trying to scan you very quickly, so
generating a lot of RST packets (probably scanning a very large range
of ports) and the kernel is reducing the amount it will send per second..

This isn't really a problem, you can also set it so that connections
to closed ports will not generate a RST response, but you would no
longer be compliant with the RFCs regarding TCP connections..

If you aren't running a firewall you should probably be running one
anyway since it seems your system is exposed to the outside world..

Personally I wouldn't be worried about the above log, unless you are
running services which allow connections from the outside and which
are possibly not very secure (public ftp, old versions of named, etc)..
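
Added example, not part of the original message: a small Python summarizer for the kernel message quoted above, showing whether the rate-limit events are short bursts or sustained activity. The syslog timestamps, the hostname `host` and the `burst_threshold` parameter are assumptions; only the message text and the first three rates come from the thread.

```python
import re
from collections import defaultdict

# Matches the kernel message quoted in the thread, preceded by an assumed
# classic syslog prefix ("Mon DD HH:MM:SS hostname").
RST_LIMIT = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d{2}:\d{2}):\d{2} \S+ /kernel: "
    r"Limiting closed port RST response from (?P<seen>\d+) "
    r"to (?P<cap>\d+) packets per second"
)

# Constructed sample input: timestamps, hostname and the last two lines are
# made up for illustration.
SAMPLE_LOG = """\
Sep  1 19:18:02 host /kernel: Limiting closed port RST response from 243 to 200 packets per second
Sep  1 19:18:03 host /kernel: Limiting closed port RST response from 222 to 200 packets per second
Sep  1 19:18:05 host /kernel: Limiting closed port RST response from 238 to 200 packets per second
Sep  1 19:40:11 host sshd[411]: Accepted publickey for admin
Sep  1 23:02:47 host /kernel: Limiting closed port RST response from 201 to 200 packets per second
"""

def summarize(log_text, burst_threshold=3):
    """Group rate-limit events by minute and flag minutes that look like a burst."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = RST_LIMIT.match(line)
        if m:  # unrelated log lines are skipped
            buckets[m["stamp"]].append((int(m["seen"]), int(m["cap"])))
    report = {}
    for stamp, events in buckets.items():
        report[stamp] = {
            "events": len(events),
            "peak_pps": max(seen for seen, _ in events),
            # RSTs the kernel declined to send in the logged seconds
            "suppressed_rsts": sum(seen - cap for seen, cap in events),
            "burst": len(events) >= burst_threshold,
        }
    return report

if __name__ == "__main__":
    for minute, stats in summarize(SAMPLE_LOG).items():
        print(minute, stats)
```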