From owner-freebsd-questions@FreeBSD.ORG Sun May 15 11:14:15 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4620316A4CE for ; Sun, 15 May 2005 11:14:15 +0000 (GMT) Received: from mail.nativenerds.com (host-70-0-111-24.midco.net [24.111.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD69143D73 for ; Sun, 15 May 2005 11:14:14 +0000 (GMT) (envelope-from estover@nativenerds.com) Received: from [192.168.1.89] (host-133-35-230-24.midco.net [24.230.35.133]) j4FBS1oj009952; Sun, 15 May 2005 05:28:02 -0600 (MDT) (envelope-from estover@nativenerds.com) Message-ID: <42872F58.3010802@nativenerds.com> Date: Sun, 15 May 2005 05:15:36 -0600 From: Ed Stover Organization: Native Nerds User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050503) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Colin J. Raven" References: <20050514090844.Q9329@kenmore.kozy-kabin.nl> In-Reply-To: <20050514090844.Q9329@kenmore.kozy-kabin.nl> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.nativenerds.com cc: FreeBSD Questions Subject: Re: Strange kernel messages X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: estover@nativenerds.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 May 2005 11:14:15 -0000 Colin J. Raven wrote: > Hi all! > I occasionally get these in my daily security run output (which is > worrying in itself) > > Limiting closed port RST response from 1629 to 200 packets per second > > the number of these can range from one or two, to sometimes 25 - 30 > although the latter case is rarer. Usually there's about six or so. > These don't arrive every day, usually about once per week on average. You get those when someone nmaps you. What I do aside from FreeBSD's builtin anti-DOS stuff is; 1. Blackholeing 2.portsentry (it is kinda a honey pot but has some pretty neat features) > > Is this an OS response to an attempted attack, limiting potential DDOS > damage? yes it is. How heavily loaded is your server? >That's how I'm reading it, but of course I'm guessing. If that > *is* so, what mechanism is doing this? Others have answered this question allready ;) > > FreeBSD 4.11 STABLE > > Regards & TIA > -Colin > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >