Limiting closed port
Jerahmy Pocott
quakenet1 at optusnet.com.au
Fri Sep 2 03:15:20 PDT 2005
On 01/09/2005, at 7:20 PM, Dark Star wrote:
>
> Hello all,
>
> I'm on FreeBSD 4.8-R
> my logs, for over 4 months, are always complaining with the following:
>
> /kernel: Limiting closed port RST response from 243 to 200 packets per second
> /kernel: Limiting closed port RST response from 222 to 200 packets per second
> /kernel: Limiting closed port RST response from 238 to 200 packets per second
>
> I think it's some type of scan or attack.

A scan..

If someone tries to connect to a port that has no service attached to it, by default the server will send a RST (reset) packet back (for TCP)..

Someone is trying to scan you very quickly, so generating a lot of RST packets (probably scanning a very large range of ports) and the kernel is reducing the amount it will send per second..

This isn't really a problem, you can also set it so that connections to closed ports will not generate a RST response, but you would no longer be compliant with the RFCs regarding TCP connections..

If you aren't running a firewall you should probably be running one anyway since it seems your system is exposed to the outside world.. Personally I wouldn't be worried about the above log, unless you are running services which allow connections from the outside and which are possibly not very secure (public ftp, old versions of named, etc)..
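
To judge how often and how hard a host is being scanned, the kernel notices quoted above can be grouped into bursts. The following is an added example, not part of the original message; the hostname, timestamps, year, the sshd line and the 60-second gap are assumptions, and the regex generalizes to any "Limiting ... response" notice of the same shape.

```python
import re
from datetime import datetime, timedelta

# Matches the kernel's rate-limit notice; "kind" is e.g. "closed port RST".
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+/kernel: Limiting (?P<kind>.+?) "
    r"response from (?P<seen>\d+) to (?P<limit>\d+) packets per second"
)

# Constructed sample: hostname, timestamps and the sshd line are invented;
# the three packets-per-second values are the ones quoted in the message.
SAMPLE_LOG = """\
Sep  1 19:02:11 gw /kernel: Limiting closed port RST response from 243 to 200 packets per second
Sep  1 19:02:12 gw /kernel: Limiting closed port RST response from 222 to 200 packets per second
Sep  1 19:02:40 gw sshd[411]: Accepted publickey for admin from 192.0.2.10
Sep  1 23:47:05 gw /kernel: Limiting closed port RST response from 238 to 200 packets per second
"""

def parse_events(text, year=2005):
    """Yield (time, kind, seen_pps, limit_pps); syslog omits the year (assumed)."""
    for line in text.splitlines():
        m = LIMIT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["kind"], int(m["seen"]), int(m["limit"])

def group_bursts(events, max_gap=timedelta(seconds=60)):
    """Merge notices of one kind that are at most max_gap apart into a burst."""
    bursts, current = [], {}  # current: kind -> its most recent burst
    for ts, kind, seen, limit in sorted(events):
        b = current.get(kind)
        if b is None or ts - b["end"] > max_gap:
            b = current[kind] = {"kind": kind, "start": ts, "end": ts,
                                 "notices": 0, "peak_pps": 0, "excess": 0}
            bursts.append(b)
        b["end"] = ts
        b["notices"] += 1
        b["peak_pps"] = max(b["peak_pps"], seen)
        b["excess"] += seen - limit  # responses over the limit in that notice
    return bursts

if __name__ == "__main__":
    for b in group_bursts(parse_events(SAMPLE_LOG)):
        print(f"{b['start']:%b %d %H:%M:%S} {b['kind']}: {b['notices']} notice(s), "
              f"peak {b['peak_pps']} pps, {b['excess']} responses over the limit")
```

Many short bursts spread over months match the background scanning described in the reply; a burst that runs for minutes at a time is the one worth correlating with firewall logs.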