Limiting closed port

Jerahmy Pocott quakenet1 at optusnet.com.au
Fri Sep 2 03:15:20 PDT 2005


On 01/09/2005, at 7:20 PM, Dark Star wrote:

>
> Hello all,
>
>    I'm on FreeBSD 4.8-R
>   my logs have been complaining for over 4 months about the following:
>
>   /kernel: Limiting closed port RST response from 243 to 200 packets per second
>   /kernel: Limiting closed port RST response from 222 to 200 packets per second
>   /kernel: Limiting closed port RST response from 238 to 200 packets per second
>
>   I think it's some type of scan or attack.

A scan..

If someone tries to connect to a port that has no service attached to it, by default the server will send a RST (reset) packet back (for TCP)..

Someone is trying to scan you very quickly, so generating a lot of RST packets (probably scanning a very large range of ports) and the kernel is reducing the amount it will send per second..

This isn't really a problem, you can also set it so that connections to closed ports will not generate a RST response, but you would no longer be compliant with the RFCs regarding TCP connections..

If you aren't running a firewall you should probably be running one anyway since it seems your system is exposed to the outside world.. Personally I wouldn't be worried about the above log, unless you are running services which allow connections from the outside and which are possibly not very secure (public ftp, old versions of named, etc)..
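The reply's reading of the log (bursts of rate-limit messages in consecutive seconds are the signature of one fast scan across many closed ports) can be turned into a small triage script for syslog. This is an added example, not code from the thread or from FreeBSD; the sample log lines are constructed, and it assumes each kernel message summarises one one-second window.

```python
import re
from datetime import datetime

# Constructed sample syslog excerpt (not taken from the thread); the kernel lines mirror the
# message quoted in the question, with the syslog timestamp and hostname prepended.
SAMPLE_LOG = """\
Sep  1 19:01:02 bsdbox /kernel: Limiting closed port RST response from 243 to 200 packets per second
Sep  1 19:01:03 bsdbox /kernel: Limiting closed port RST response from 222 to 200 packets per second
Sep  1 19:01:04 bsdbox /kernel: Limiting closed port RST response from 238 to 200 packets per second
Sep  1 19:01:05 bsdbox sshd[311]: Accepted publickey for alice from 192.0.2.10 port 40122
Sep  1 23:40:17 bsdbox /kernel: Limiting closed port RST response from 201 to 200 packets per second
"""

RST_LIMIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ /kernel: Limiting closed port "
    r"RST response from (?P<attempted>\d+) to (?P<limit>\d+) packets per second$"
)

def parse_rst_limit_events(log_text, year=2005):
    """Return (timestamp, attempted_rate, limit) per kernel rate-limit message.
    Syslog lines carry no year, so one is assumed (default: the thread's year)."""
    events = []
    for line in log_text.splitlines():
        m = RST_LIMIT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m["attempted"]), int(m["limit"])))
    return events

def find_scan_bursts(events, gap_s=60, min_events=3):
    """Cluster messages separated by at most gap_s seconds. A cluster of min_events
    or more rate-limited seconds matches the reply's picture of one fast scan across
    many closed ports. Assumes each message summarises one one-second window, so the
    RSTs the kernel declined to send in it are roughly attempted - limit."""
    clusters, current = [], []
    for ev in sorted(events):
        if current and (ev[0] - current[-1][0]).total_seconds() > gap_s:
            clusters.append(current)
            current = []
        current.append(ev)
    if current:
        clusters.append(current)
    return [
        {"start": c[0][0], "end": c[-1][0], "seconds_limited": len(c),
         "peak_attempted": max(a for _, a, _ in c),
         "rst_suppressed": sum(max(a - lim, 0) for _, a, lim in c)}
        for c in clusters if len(c) >= min_events
    ]
```

On the sample above the three consecutive messages at 19:01 form one burst (peak 243 pps, about 103 RSTs withheld), while the lone 23:40 message is ignored as noise.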
