From owner-freebsd-security  Thu Sep 27  9: 9:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from R181172.resnet.ucsb.edu (R181172.resnet.ucsb.edu [128.111.181.172])
	by hub.freebsd.org (Postfix) with ESMTP id 3929037B620
	for <freebsd-security@FreeBSD.ORG>; Thu, 27 Sep 2001 09:09:46 -0700 (PDT)
Received: from localhost (mudman@localhost)
	by R181172.resnet.ucsb.edu (8.11.6/8.11.6) with ESMTP id f8RGAt201700;
	Thu, 27 Sep 2001 09:10:56 -0700 (PDT)
	(envelope-from mudman@R181172.resnet.ucsb.edu)
Date: Thu, 27 Sep 2001 09:10:55 -0700 (PDT)
From: Dave <mudman@R181172.resnet.ucsb.edu>
To: Ronan Lucio <ronan@melim.com.br>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: flood attacks
In-Reply-To: <01eb01c14757$f699b580$2aa8a8c0@melim.com.br>
Message-ID: <Pine.BSF.4.33.0109270907350.1695-100000@R181172.resnet.ucsb.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>     Limiting closed port RST response from 1800 to 200 packets per second.

Awhile back, I managed to reproduce this by portscanning myself with a
very fast scanner which doesn't wait for any kind of response from the
server before testing the next port.  The 1800 to 200 message thing sounds
quite general, so you could be getting flooded with lots of different
kinds of data.  If the messages come in briefly and then stop for awhile
(rather than a continus flow) you could just be getting a fast port scan.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message