From: Mike Silbersack
To: Alex Popa
Date: Sat, 15 Dec 2001 00:01:56 -0500 (EST)
Subject: Re: Rate-limiting OPEN port RST response?
In-Reply-To: <20011215001404.A55184@ldc.ro>
Sender: owner-freebsd-security@FreeBSD.ORG

On Sat, 15 Dec 2001, Alex Popa wrote:

> Is there such a limitation active by default? I am seeing the following
> message:
> Limiting open port RST response from 337 to 200 packets per second
> on my home machine, connected through a 14k modem to the net. I also
> have net.inet.{tcp,udp}.log_in_vain enabled, and have seen no messages
> from these facilities.
>
> Could these messages be caused by an external source? I believe the link
> is too slow to produce 300+ SYNs per second. At the time I was also
> running Opera 6 for Linux, and Netscape, so there is a small possibility
> that one of these is trying to connect too often to the squid I run.
>
> Opinions?

Open port RSTs should be really rare, and it does seem unlikely that they
could come in that fast through a modem... unless you can cause this to
happen again and run tcpdump, I don't think we'll know what is occurring.
(The one thing we do know is that something is going wrong - you should
basically never see open port resets if everything is working properly.)

Sorry,

Mike "Silby" Silbersack