From owner-freebsd-security Fri Dec 14 14:14: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ldc.ro (ldc-gw.rdsnet.ro [213.157.163.8])
	by hub.freebsd.org (Postfix) with SMTP id 28A1D37B405
	for ; Fri, 14 Dec 2001 14:14:06 -0800 (PST)
Received: (qmail 57247 invoked by uid 666); 14 Dec 2001 22:14:04 -0000
Date: Sat, 15 Dec 2001 00:14:04 +0200
From: Alex Popa
To: freebsd-security@freebsd.org
Subject: Rate-limiting OPEN port RST response?
Message-ID: <20011215001404.A55184@ldc.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is there such a limitation active by default?

I am seeing the following message:

    Limiting open port RST response from 337 to 200 packets per second

on my home machine, connected through a 14k modem to the net.

I also have net.inet.{tcp,udp}.log_in_vain enabled, and have seen no
messages from these facilities.

Could these messages be caused by an external source? I believe the
link is too slow to produce 300+ SYNs per second.

At the time I was also running Opera 6 for Linux, and Netscape, so
there is a small possibility that one of these is trying to connect too
often to the squid I run.

Opinions?

------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor@ldc.ro|  no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."