Date: Fri, 20 Jun 2003 12:53:39 -0400 From: Chuck Swiger <cswiger@mac.com> To: Matthew Ryan <matt@overdose.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Limiting closed port RST response Message-ID: <3EF33C13.8050108@mac.com> In-Reply-To: <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com> References: <EB2C8534-A2FC-11D7-B634-0030654886A6@overdose.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Ryan wrote: [ ... ] > I'm getting a lot of these in my security output. > >> Limiting closed port RST response from 220 to 200 packets per second > > They are always on ports between 200- 300. > > Could this be a DOS atttack? > Where do I find a more detailed log? Typically, this indicates that someone is port-scanning you. If they do it very often, and it noticably affects your network performance, sure, call it a DoS, but that is probably not the intention. If you want to see what ports they're hitting, do a: sysctl net.inet.tcp.log_in_vain=1 -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EF33C13.8050108>