Date: Sat, 25 Aug 2018 23:24:00 +0000 From: nusenu <nusenu-lists@riseup.net> To: freebsd-questions@freebsd.org Subject: Re: finding the port for "kernel: Limiting open port RST response from x to y packets/sec" Message-ID: <f80a291c-0238-3a21-8f9d-b920b32cb2b1@riseup.net> In-Reply-To: <CAHu1Y70XBNkOehTBnP=VERue6E5shhA46aNN-6qXL7MMkU0r-w@mail.gmail.com> References: <c3a1198f-e786-92c8-f126-db09a511749b@riseup.net> <CAHu1Y70XBNkOehTBnP=VERue6E5shhA46aNN-6qXL7MMkU0r-w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO Content-Type: multipart/mixed; boundary="NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24"; protected-headers="v1" From: nusenu <nusenu-lists@riseup.net> To: freebsd-questions@freebsd.org Message-ID: <f80a291c-0238-3a21-8f9d-b920b32cb2b1@riseup.net> Subject: Re: finding the port for "kernel: Limiting open port RST response from x to y packets/sec" References: <c3a1198f-e786-92c8-f126-db09a511749b@riseup.net> <CAHu1Y70XBNkOehTBnP=VERue6E5shhA46aNN-6qXL7MMkU0r-w@mail.gmail.com> In-Reply-To: <CAHu1Y70XBNkOehTBnP=VERue6E5shhA46aNN-6qXL7MMkU0r-w@mail.gmail.com> --NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hello Michael, thanks for your reply. Michael Sierchio: >> Is there a way to find out which specific TCP port is getting hammered= >> or any other additional debug information related to these log entries= ? >> (the server has multiple open and publicly reachable open TCP ports) >> >=20 > You can identify and log these packets in IPFIREWALL (man ipfw). >=20 > You can also set sysctl net.inet.tcp.log_debug=3D1 unfortunately net.inet.tcp.log_debug=3D1 logs too much (I should only get= my IP and port, but not the other side's). I assume there are many potential reasons why the kernel would reply with an RST on an open port, are there pre-existing rulesets that match the kernel's reasons? --=20 https://twitter.com/nusenu_ https://mastodon.social/@nusenu --NQoSAyMdu1lu5yhwxmo1aac6epZYtjq24-- --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElpDPH7u0KYWVTfK7rWE4wkXNQn4FAluB5SAACgkQrWE4wkXN Qn4o7w//a3YHBTMiX6A0zbcgamtPQfDbBam+XmUDED1faSL7tG19a3RiGkA5/zId mo0QIS5muACfr8+4D4Yau+8nL1zXFyvMrnBB3UEllOAxKA3vv2/dyzrmFnNrmjpO LCXb0xJbp0D5BpIppVBzwC3A4JdY04YgtSU7hiLLBT7wJfkwNFZ8n9JgRJx+q9L3 hjrTemp0RyewkAOOoWweAAnREFY21bySmGaGmKuRAOX7s5RF7nco3zbOkDO2ir7L YO9otVkHzD1sK3XCG7C9HDB6QlHYFG+TaHNCY8iULP1aW0dkNapXdwh+SVjJtpQm 6bpH9gs7nGQ5zLtLPxuUqXmcgyg0LRNkSnDj0ztXvvTIE2zFYx09zl2XuVkNXvoP iBOnRy6osDmh8gmgVP+zvBw1+heL0sUr/uDh1fYRvUoeWBTJVxEUC8dKjkKQMWvk AYxzBK4UJin0T9s2RufVSF4BkaGuH0/Uu1Onfy3x+VydOnrEuSfqWXRpHkX4RZbm /mLnfXNaLfGf972cv5ME7ccE0O2yPc7FnBYbz813hLUDNjn+Y5hyKSvkFXk3fY7i E/45BfwOiYHCJ7YgAqLBY5Rniq+QwrRA0NfN11fof5SrqjpKY+mUYgLM7o0ciZ0d t+vdpnSz6nQURtXkfZicBQB2MSUk3LRgBh//1ITin3itxEZJDRs= =t6Mv -----END PGP SIGNATURE----- --6cm9Hj04DY8z3ZprWMg6vNZWpBrJttKCO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f80a291c-0238-3a21-8f9d-b920b32cb2b1>