From owner-freebsd-current@FreeBSD.ORG Tue Feb 12 12:56:23 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 16B8616A496 for ; Tue, 12 Feb 2008 12:56:23 +0000 (UTC) (envelope-from gahr@gahr.ch) Received: from cpanel03.rubas-s03.net (cpanel03.rubas-s03.net [195.182.222.73]) by mx1.freebsd.org (Postfix) with ESMTP id BE8DE13C467 for ; Tue, 12 Feb 2008 12:56:22 +0000 (UTC) (envelope-from gahr@gahr.ch) Received: from gahrtop.bfh.ch ([147.87.108.5] helo=gahrtop.localhost) by cpanel03.rubas-s03.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from ) id 1JOugP-0002LC-QE; Tue, 12 Feb 2008 13:56:21 +0100 Message-ID: <47B1976A.3090705@gahr.ch> Date: Tue, 12 Feb 2008 13:56:10 +0100 From: Pietro Cerutti User-Agent: Thunderbird 2.0.0.9 (X11/20080208) MIME-Version: 1.0 To: "Aryeh M. Friedman" References: <47B195EF.9060603@gmail.com> In-Reply-To: <47B195EF.9060603@gmail.com> X-Enigmail-Version: 0.95.5 OpenPGP: id=9571F78E; url=http://www.gahr.ch/pgp Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigA80D9044DD1DBAE320BC9311" X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cpanel03.rubas-s03.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gahr.ch X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-current@freebsd.org Subject: Re: does this error message mean anything bad? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Feb 2008 12:56:23 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA80D9044DD1DBAE320BC9311 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Aryeh M. Friedman wrote: > Limiting closed port RST response from 266 to 200 packets/second. In the average case, someone is doing a portscan against you. In the worst case, they're trying to do a DOS attack. I suggest that you set the following sysctl variables net.inet.tcp.blackhole=3D2 net.inet.udp.blackhole=3D1 and that you read the man page for blackhole(4). P.S. this would better fit on freebsd-questions@ --=20 Pietro Cerutti PGP Public Key: http://gahr.ch/pgp --------------enigA80D9044DD1DBAE320BC9311 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (FreeBSD) iEYEAREKAAYFAkexl28ACgkQwMJqmJVx947xXwCfZqxuON1l5c09Bv4siARBfsak bjEAoNtUDhz1Fsi9aqt4LXoXsxu0fETL =2ODR -----END PGP SIGNATURE----- --------------enigA80D9044DD1DBAE320BC9311--