From owner-freebsd-questions@FreeBSD.ORG Fri Feb 25 14:19:15 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0ADB16A4CE for ; Fri, 25 Feb 2005 14:19:14 +0000 (GMT) Received: from metrocastcablevision.com (mail.metrocastcablevision.com [65.175.128.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6296043D2F for ; Fri, 25 Feb 2005 14:19:14 +0000 (GMT) (envelope-from showe@metrocastcablevision.com) Received: from [192.168.3.22] [65.175.128.10] by metrocastcablevision.com with ESMTP (SMTPD32-8.05) id A35BDDE03D8; Fri, 25 Feb 2005 09:16:59 -0500 Message-ID: <421F351E.1090801@metrocastcablevision.com> Date: Fri, 25 Feb 2005 09:24:30 -0500 From: Steven Howe User-Agent: Mozilla Thunderbird 0.7.2 (Windows/20040707) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Cody Holland References: <4B3EE484EEA4F344BBB62F83164899860F67B7@corpsrv.RedMoon.local> In-Reply-To: <4B3EE484EEA4F344BBB62F83164899860F67B7@corpsrv.RedMoon.local> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-IMAIL-SPAM-VALHELO: (232653784) cc: questions@freebsd.org Subject: Re: Kernel Log Message X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: showe@metrocastcablevision.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Feb 2005 14:19:15 -0000 Your machine is getting hit with a lot of SYN packets, and sending RST packets in return (lots of them) this is usually dude to a portscan, but may be different in your situation. To stop it, add the following lines to /etc/sysctl.conf net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1 Regards, stevenrh Cody Holland wrote: >I keep getting the following kernel log messages in my daily security >run output. >xxx.xxx.xxx.xxx kernel log messages: > > >>Limiting closed port RST response from 283 to 200 packets/sec Limiting >> >> > > > >>closed port RST response from 283 to 200 packets/sec Limiting closed >>port RST response from 235 to 200 packets/sec Limiting closed port RST >> >> > > > >>response from 256 to 200 packets/sec Limiting closed port RST response >> >> > > > >>from 275 to 200 packets/sec Limiting closed port RST response from 256 >> >> > > > >>to 200 packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 277 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 286 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 221 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 264 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 257 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 236 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 260 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 257 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 235 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 238 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 286 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec Limiting closed port RST response from 265 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 275 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 260 to 200 >>packets/sec Limiting closed port RST response from 285 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 286 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 275 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 288 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 240 to 200 >>packets/sec Limiting closed port RST response from 264 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 257 to 200 >>packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec Limiting closed port RST response from 236 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 285 to 200 >>packets/sec Limiting closed port RST response from 257 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 254 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec Limiting closed port RST response from 220 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 236 to 200 >>packets/sec Limiting closed port RST response from 247 to 200 >>packets/sec Limiting closed port RST response from 259 to 200 >>packets/sec Limiting closed port RST response from 272 to 200 >>packets/sec Limiting closed port RST response from 287 to 200 >>packets/sec Limiting closed port RST response from 256 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 275 to 200 >>packets/sec Limiting closed port RST response from 235 to 200 >>packets/sec Limiting closed port RST response from 266 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 257 to 200 >>packets/sec Limiting closed port RST response from 241 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 234 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 266 to 200 >>packets/sec Limiting closed port RST response from 283 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 268 to 200 >>packets/sec Limiting closed port RST response from 287 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 276 to 200 >>packets/sec Limiting closed port RST response from 236 to 200 >>packets/sec Limiting closed port RST response from 255 to 200 >>packets/sec Limiting closed port RST response from 253 to 200 >>packets/sec Limiting closed port RST response from 275 to 200 >>packets/sec Limiting closed port RST response from 236 to 200 >>packets/sec Limiting closed port RST response from 285 to 200 >>packets/sec Limiting closed port RST response from 240 to 200 >>packets/sec Limiting closed port RST response from 279 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 226 to 200 >>packets/sec Limiting closed port RST response from 263 to 200 >>packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 262 to 200 >>packets/sec Limiting closed port RST response from 286 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 233 to 200 >>packets/sec Limiting closed port RST response from 284 to 200 >>packets/sec >> >> > >Is this what it is supposed to show? > >Cody >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > >