From owner-freebsd-hackers  Wed Oct 17 10:11:53 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with ESMTP id 10F8E37B405
	for <freebsd-hackers@freebsd.org>; Wed, 17 Oct 2001 10:11:51 -0700 (PDT)
Received: (qmail 47933 invoked by uid 1000); 17 Oct 2001 17:11:05 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 17 Oct 2001 17:11:05 -0000
Date: Wed, 17 Oct 2001 12:11:05 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Zhihui Zhang <zzhang@cs.binghamton.edu>
Cc: <freebsd-hackers@freebsd.org>
Subject: Re: Limiting closed port RST response
In-Reply-To: <Pine.SOL.4.21.0110171141520.608-100000@onyx>
Message-ID: <20011017120846.H47595-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


On Wed, 17 Oct 2001, Zhihui Zhang wrote:

>
> I was using FreeBSD a while ago, suddenly a lot of messages show up:
>
> Limiting closed port RST responses from 224 to 200 packets per seconds.
>
> These messages persist even after reboot. What happened? What should I do?
> Thanks!
>
> -Zhihui

Sounds like nmap - it appears to rate limit its portscans to the rate at
which it is receiving replies.  You could lower the icmplim to frustrate
the portscanners more.  (Although if they had any skill you wouldn't be
noticing their scan, so perhaps that doesn't matter.)

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message