Limiting closed port RST response

Chuck Swiger cswiger at
Fri Jun 20 09:53:43 PDT 2003

Matthew Ryan wrote:
[ ... ]
> I'm getting a lot of these in my security output.
>> Limiting closed port RST response from 220 to 200 packets per second
> They are always on ports between 200- 300.
> Could this be a DOS atttack?
> Where do I find a more detailed log?

Typically, this indicates that someone is port-scanning you.  If they do it very 
often, and it noticably affects your network performance, sure, call it a DoS, 
but that is probably not the intention.

If you want to see what ports they're hitting, do a:

	sysctl net.inet.tcp.log_in_vain=1


More information about the freebsd-questions mailing list