Date: Sat, 31 Aug 2024 17:05:11 -0700 From: list_freebsd@bluerosetech.com To: Pete French <pete@twisted.org.uk>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: How to diagnose "Limiting closed port RST response from 213 to 205 packets/sec" ? Message-ID: <52218a81-0bb2-41bd-f66c-138d57c43359@bluerosetech.com> In-Reply-To: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk> References: <27a993d5-c456-4add-8893-3e86af747ab1@twisted.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2024-08-31 7:32, Pete French wrote: > So I am running some servers with 14.1-STABLE, pretty standard - Apache > + mysql setup, and I am seeing a lot of the above messages. I have > always seen these form time to time, but recently I have had compmnaits > from a customer about the webservers being unavailable, and the times > they give correspond to bursts of these errors. > > I dont see any other errors, and am wondering how to get more info about > this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the > port that is closed would be ideal. I have a feeling that the closed > port is the one which Apaxche is suppsoed to be listenin gon (I cant > think of nay other ports which would get hammered), but that should > never be closed. > > Any advice ? Mass portscanners like shodan usually are the cause of this. If you want to stop them from hitting your servers, you need an upstream packet filter that blocks an IP after it tries too many closed ports.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52218a81-0bb2-41bd-f66c-138d57c43359>