Limiting closed port RST response
Chuck Swiger
cswiger at mac.com
Fri Jun 20 09:53:43 PDT 2003
Matthew Ryan wrote:
[ ... ]
> I'm getting a lot of these in my security output.
>
>> Limiting closed port RST response from 220 to 200 packets per second
>
> They are always on ports between 200- 300.
>
> Could this be a DOS atttack?
> Where do I find a more detailed log?
Typically, this indicates that someone is port-scanning you. If they do it very
often, and it noticably affects your network performance, sure, call it a DoS,
but that is probably not the intention.
If you want to see what ports they're hitting, do a:
sysctl net.inet.tcp.log_in_vain=1
--
-Chuck
More information about the freebsd-questions
mailing list