kernel: Limiting open port RST
Charles Swiger
cswiger at mac.com
Thu Nov 4 10:53:09 PST 2004
On Nov 4, 2004, at 1:18 PM, Nathan Kinkade wrote:
> I am getting a tremendous amount of messages on a particular server
> saying something close to:
>
> kernel: Limiting open port RST response from 302 to 200 packets/sec
This generally means the system is being portscanned.
> I understand the reasons for the message, but I'm having a hard time
> tracking down a possible point source. Neither ethereal nor tcpdump
> seem to be picking up any packets with the TCP RST bit set. I have
> tried this, for example:
[ ... ]
> TCP and UDP blackhole sysctls are also already
> set up, and it appears that the RST packets are being sent out to
> internet hosts with a dstport of 80. The machine being affected is
> running squid.
If you turn on the blackhole sysctls, then your machine will not
generate RST packets. Caveat operator. :-)
> Does anyone have advice on this?
If this machine is not supposed to be completely exposed on the 'net,
consider putting it behind a firewall.
--
-Chuck
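As an added illustration (not part of the thread), the kernel message quoted above can be parsed out of syslog to see how many RSTs were actually suppressed and whether the rate limiting is sustained rather than a one-off; the log lines below are constructed in the same format, and the per-minute threshold is an assumption, not a FreeBSD default.

```python
import re
from collections import defaultdict

# Constructed syslog sample mimicking the message quoted in the thread (not real logs).
SAMPLE_LOG = """\
Nov  4 13:10:01 proxy kernel: Limiting open port RST response from 302 to 200 packets/sec
Nov  4 13:10:02 proxy kernel: Limiting open port RST response from 415 to 200 packets/sec
Nov  4 13:10:03 proxy kernel: Limiting open port RST response from 210 to 200 packets/sec
Nov  4 13:10:04 proxy squid[812]: Squid Parent: child process 815 started
Nov  4 13:25:40 proxy kernel: Limiting open port RST response from 205 to 200 packets/sec
"""

# "from N to M packets/sec": N RSTs would have been sent, the kernel capped it at M.
RST_LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
    r"Limiting open port RST response from (?P<attempted>\d+) to (?P<limit>\d+) packets/sec$"
)


def parse_rst_limits(text):
    """Return (timestamp, attempted, limit, suppressed) for each rate-limit line."""
    events = []
    for line in text.splitlines():
        m = RST_LIMIT_RE.match(line)
        if not m:
            continue  # unrelated syslog line (e.g. squid)
        attempted, limit = int(m["attempted"]), int(m["limit"])
        events.append((m["ts"], attempted, limit, attempted - limit))
    return events


def per_minute_summary(events):
    """Aggregate to minute granularity: {minute: (messages, total RSTs suppressed)}."""
    summary = defaultdict(lambda: [0, 0])
    for ts, _attempted, _limit, suppressed in events:
        minute = ts[:-3]  # drop the ":SS" part of the timestamp
        summary[minute][0] += 1
        summary[minute][1] += suppressed
    return {k: tuple(v) for k, v in summary.items()}


def sustained_minutes(summary, min_messages=3):
    """Minutes where limiting fired repeatedly; a sustained run is more scan-like than a blip."""
    return sorted(m for m, (count, _) in summary.items() if count >= min_messages)


if __name__ == "__main__":
    s = per_minute_summary(parse_rst_limits(SAMPLE_LOG))
    for minute, (count, suppressed) in sorted(s.items()):
        print(f"{minute}: {count} limit events, {suppressed} RSTs suppressed")
    print("sustained:", sustained_minutes(s))
```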