From owner-freebsd-security@FreeBSD.ORG Mon Jan 20 11:37:23 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EC0A199D for ; Mon, 20 Jan 2014 11:37:23 +0000 (UTC) Received: from ak47.hfbk-hamburg.de (ak47.hfbk-hamburg.de [193.174.241.201]) by mx1.freebsd.org (Postfix) with ESMTP id B1EFD11C0 for ; Mon, 20 Jan 2014 11:37:23 +0000 (UTC) Received: from [192.168.66.150] (e179198249.adsl.alicedsl.de [85.179.198.249]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ak47.hfbk-hamburg.de (Postfix) with ESMTPSA id 884703497F for ; Mon, 20 Jan 2014 12:31:07 +0100 (CET) Message-ID: <52DD08F7.1000306@hfbk-hamburg.de> Date: Mon, 20 Jan 2014 12:31:03 +0100 From: sa9k063 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: portscans and blackhole Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 11:37:24 -0000 Hello, can someone please explain: one of my boxes gets portscanned often by some likely infected laptops. While having set net.inet.tcp.blackhole=1 there are still messages like +Limiting closed port RST response from 348 to 200 packets/sec appearing. Are these RSTs actually sent out or does this just pop up for some other reason ? This is on 8.4-stable btw. thanks, Tee