From owner-freebsd-questions@freebsd.org Sat Aug 25 23:24:28 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 367ED1098D14 for ; Sat, 25 Aug 2018 23:24:28 +0000 (UTC) (envelope-from nusenu-lists@riseup.net) Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AFAC3859EA for ; Sat, 25 Aug 2018 23:24:27 +0000 (UTC) (envelope-from nusenu-lists@riseup.net) Received: from cotinga.riseup.net (cotinga-pn.riseup.net [10.0.1.164]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id D1D8B1A115E for ; Sat, 25 Aug 2018 16:24:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1535239465; bh=Fh+mNRIlKmVuEDokb9biFHYrJe5BxdSJ/VgZQp1/Jd8=; h=To:References:From:Subject:Date:In-Reply-To:From; b=r/S2DBcZ6DWpQXWTXcrhMnJ2IKQl9kKNwGAOAOfsuIVZeXNqgjUq6FJehJGf9xXr/ fGqRvVbMlJTm82TsIeFOjX15KXGMNwxVVyR0BUGe4sHkIEEObR8TKWqohc+t6Bnzqt nqTtmgHeje6RVjzgnR4FSOYDbEhSYCZ/u0Wkq5kI= X-Riseup-User-ID: C023DAABD0FD1A50C92D1F6362BDF8D1DC10164723C1AFB906172125915E2196 Received: from [127.0.0.1] (localhost [127.0.0.1]) by cotinga.riseup.net with ESMTPSA id 5F07465FAF for ; Sat, 25 Aug 2018 16:24:23 -0700 (PDT) To: freebsd-questions@freebsd.org References: From: nusenu Openpgp: preference=signencrypt Autocrypt: addr=nusenu-lists@riseup.net; prefer-encrypt=mutual; keydata= xsFNBFj53gUBEADYKwT0pW1yiqt6UReZW8T2nXVCyeVT2G6z7AvW69afp82uthRH237pQ7Qs 5vq91DivN6fGN6cVksp0N9Yv+5HEQAwUxpLfcNDcGzmHMd0JMItEtozGv3a4FuiUoHAqeGXM 6Kzi3v5F2PZGF+U4QaGKEZq6u50gO/ZFy4GfC9z9tsO6Cm7s7KldVHMGx/a0MEGMwh6ZI9x2 hGXSSAKu58KRUkEpHzDiQTj+/j58ndNfZRQv6P5BLppHADRPqwEOm4RQcQYskyM0FdKXbJ8E 5GW268meflfv2BASsl3X/Xqxp+LNrstXIbFZ+38hVlQDDmdvaASpPTzIAxf8FxMYZqI+K1UE kP5nU45q84KiZoXwT6YYJDKToLSDnYkKlsrCSnLkE3Nb/IexgNoYO4nE6lT9BDV3athQCWw1 FwB5idRYWnIqbVgUFgYZDUdZBJmeTEeI+Wn5hFz6HvFVc/+haMVTcoEKSkG/tsSGsKOc2mp6 z+71io9JWrVQGmw7OeZeE4TvkF9GhwS8jrKO4E0crfcT/zT6368PZCO6Wpir8+po/ZfOWbbh 1hi3MxmXn4Fki55Zrvhy3sf28U+H/nByQV4CssYv/xVhIZsN/wNQLcDLgVs4JTBUik8eQR0Y Qrq9lG3ZVtbpEi7ZTJ6BOGIn2TKHsVIVGSQA0PdKpKYV45Lc4QARAQABzSBudXNlbnUgPG51 c2VudS1saXN0c0ByaXNldXAubmV0PsLBfQQTAQgAJwUCWPneBQIbAwUJBaOagAULCQgHAgYV CAkKCwIEFgIDAQIeAQIXgAAKCRCtYTjCRc1Cfq/kD/sHx+mnL6OLwJvBj1rVTyoHJYJARajz Go0yRlbrZSH6Z05OD3SDR9UVpWOZeY8JyFoTyCFQjAbIVjKifj0uSmi0j1iahrAgGGfik0cN XUkCxrW6jcJQ37EbvYWu4PryqLuC7IeQW1wCcB1ioyGYKkm2K6LZ9rzZPVYSmPohJ+gVI0Jt EdlNZl4JuZot9eA5w/22uvcStQHzXDsUxfqK8OAJpU8E3iBBdNpLPMDWpFz4g2yw5PD6jZ+K Q39PYMUFULaKe4YCw1O+0MFhZJI4KEcRYHuVy1b3cJjxzgVfEyFctLDsO1sh07vBhoVKUi8W e00pvGtv8QYxxMYIA3iACbsjGEr69GvvZ2pAnu9vT9OUCaES4riDCxbkMxK/Cbwk8F6mo0eq HDQ7sOZWQv81ncdG9ovlA7Pj96cEXgdtbbllF1aUZ8sAmT14YjGzhArGv7kyJ1imH5tX3OXk hBGA9JTk2mDNjEpFaTEajSvDiKyeEhWNTLm15siWkpg1124yjUkhQ3OCkw7aUDMiVn8+DQHo J2pP/84uUvngbhm1jV7nk8mxTUFgppUePkb5hhnRRzeK72QY00EwRdn7qnpNgijMJ3Fpjfy2 EeCEl3nNdcB7U0F+0ijA6P/+DROldxNr4eiP50RvV8XiW/yi2IkKBk50GNB87yYnDETxxx/c 2i00AM7BTQRY+d4FARAAwJZ6U7UT8uB1WCfLK3AOR1Wa9bzOAghlTR4WXbHB4ajQKG7/Fzud 99bnwD0V3/AOVz/SbGDyHe+7HMvd1A0Ll4NgyH6OpxY7wOwCXAYTAbcXLpM7eKTjjsb9A9XG 3FcIGvjcy76OkaewqhiABaShlStEYcPkRusHZuecXtCnfCjJKihU/kinWpBO9gY6SrF2KFCw aeS4r37brXQ9y8uy3gZ168QFuIa5AKfL0r5YN3k4StNSA2p5Z/pufWXMN3B03QC+3fireiz3 dinlHK6XjUW8oWSdNxJhexT/lUw+episNuWTQruy7PD+HeohYGXqjggmPUiWc171Sewb2f8H CHViHMee8QXqo/LSRkYVrtsx0HUSMKsVQOma/u2By03ucroIkQJQQfqX3YpK1i3EpUO2L0/m E8UpBvUm1vrst54EFym4tYNJTj9reVffFKh2cczmPVN5o8v3RrdTF96mGtcb9EJbGV4277ZE LqUspviEBXynqU3yZ48JhIWHj22/ha6TeBpapYZDOJ8lePed8E34J/GYE2YXl65LhpXAKvWz O3KiByGMysb9Li6zqZ9/BYQtg5CA6Q8Oo7pBxK4iiDH3GX2WvymmLoaOBpOaIYdvKr39fajE mzfbg7TdZKXxqp2KDrbw7vUJLDyrmPWpxHyhKHItzoi1Y59wzYSq3h0AEQEAAcLBZQQYAQgA DwUCWPneBQIbDAUJBaOagAAKCRCtYTjCRc1CfpfgEAC3tXZzhgKbF6fx5gMNDp/9MBpialvu k69UaGL3HUqM0/ytiT4FjYUmOK2mk37iop46GivsOC50PykG9gjbg9/QKUqgsZzJ8LJ+ldY4 /GKtiP5JoO59Obj8MJJ5Ta8yPfZiiNx/I8ydqd18E4PmQUCPlEKhett81t3+8R/mGwG72TaA hHwDjZAEjiXdnXh+z0AKpflCnYQafq0V73ofzuw4KovpJWMk/WPs5oSHhuV4TZ8nRkF6BR4y rEvs1kq8Y6DuNqQGwY3yilpnmqfMzzlWo7MlY657domU54bhGOsvNuZZsFDlcBczQo6h9OKq ckkVHUMAw38pX+EghzEfhYVWYmLNv5G9TA/M2s3frO3aN7ukNDq7CKIwfVz71/VfPaLQMY7/ jirzp9yIBZEi4E+PwP38FAGiD+nxzuUJv1rvxf6koqUGoHRvdppju2JLrC2nKW0La7RX7uZJ esCVkamT/XaXPROBTrZZqwbIXh2uSMzgXkC2mE1dsBf2rdsJ4y73+0DYq7YE52OV9MNoCYLH vpkapmD00svsP4sskRsrquPHkBBVCJa22lTaS8Oow9hGQe7BDjEhsVoPol889F0mbTRb3klv mGQ6/B/HA0pGWR9wISY8a7D40/qz6eE6+Yg22mtN1T8FFlNbyVmtBj0R/2HfJYhGBElLPefH jhF0TA== Subject: Re: finding the port for "kernel: Limiting open port RST response from x to y packets/sec" Message-ID: Date: Sat, 25 Aug 2018 23:24:00 +0000 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Aug 2018 23:24:28 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO Content-Type: multipart/mixed; boundary="NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24"; protected-headers="v1" From: nusenu To: freebsd-questions@freebsd.org Message-ID: Subject: Re: finding the port for "kernel: Limiting open port RST response from x to y packets/sec" References: In-Reply-To: --NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hello Michael, thanks for your reply. Michael Sierchio: >> Is there a way to find out which specific TCP port is getting hammered= >> or any other additional debug information related to these log entries= ? >> (the server has multiple open and publicly reachable open TCP ports) >> >=20 > You can identify and log these packets in IPFIREWALL (man ipfw). >=20 > You can also set sysctl net.inet.tcp.log_debug=3D1 unfortunately net.inet.tcp.log_debug=3D1 logs too much (I should only get= my IP and port, but not the other side's). I assume there are many potential reasons why the kernel would reply with an RST on an open port, are there pre-existing rulesets that match the kernel's reasons? --=20 https://twitter.com/nusenu_ https://mastodon.social/@nusenu --NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24-- --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElpDPH7u0KYWVTfK7rWE4wkXNQn4FAluB5SAACgkQrWE4wkXN Qn4o7w//a3YHBTMiX6A0zbcgamtPQfDbBam+XmUDED1faSL7tG19a3RiGkA5/zId mo0QIS5muACfr8+4D4Yau+8nL1zXFyvMrnBB3UEllOAxKA3vv2/dyzrmFnNrmjpO LCXb0xJbp0D5BpIppVBzwC3A4JdY04YgtSU7hiLLBT7wJfkwNFZ8n9JgRJx+q9L3 hjrTemp0RyewkAOOoWweAAnREFY21bySmGaGmKuRAOX7s5RF7nco3zbOkDO2ir7L YO9otVkHzD1sK3XCG7C9HDB6QlHYFG+TaHNCY8iULP1aW0dkNapXdwh+SVjJtpQm 6bpH9gs7nGQ5zLtLPxuUqXmcgyg0LRNkSnDj0ztXvvTIE2zFYx09zl2XuVkNXvoP iBOnRy6osDmh8gmgVP+zvBw1+heL0sUr/uDh1fYRvUoeWBTJVxEUC8dKjkKQMWvk AYxzBK4UJin0T9s2RufVSF4BkaGuH0/Uu1Onfy3x+VydOnrEuSfqWXRpHkX4RZbm /mLnfXNaLfGf972cv5ME7ccE0O2yPc7FnBYbz813hLUDNjn+Y5hyKSvkFXk3fY7i E/45BfwOiYHCJ7YgAqLBY5Rniq+QwrRA0NfN11fof5SrqjpKY+mUYgLM7o0ciZ0d t+vdpnSz6nQURtXkfZicBQB2MSUk3LRgBh//1ITin3itxEZJDRs= =t6Mv -----END PGP SIGNATURE----- --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO--