Date: Tue, 29 May 2001 02:37:22 +0300 From: Peter Pentchev <roam@orbitel.bg> To: Retal <lirandb@netvision.net.il> Cc: freebsd-security@freebsd.org Subject: Re: Kernel message Message-ID: <20010529023722.C30478@ringworld.oblivion.bg> In-Reply-To: <001a01c0e7d2$97743e20$b88f39d5@a>; from lirandb@netvision.net.il on Tue, May 29, 2001 at 02:02:03AM %2B0200 References: <001a01c0e7d2$97743e20$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 29, 2001 at 02:02:03AM +0200, Retal wrote:
> I got this message while i was changing icmpbandlim from 200 to 30:
> May 29 01:42:14 freebsd /kernel: Limiting closed port RST response from 78 to 30
> packets per second
>
> i got this message like 10000 times..
> What is that means..
Somebody was portscanning you - running a simple program that connects
to every port from 1 to, say, 32768, on your machine, to see which ports
are 'open' - what services (daemons, servers) you are running on your
machine. The kernel had to sent a lot of 'connection refused' ('closed'
port, not open) messages, and it had a max value of 30 of those per second.
It is informing you that in one given second, it was supposed to send out
78 of those, but it only sent 30.
So.. somebody was portscanning you. If you are running any programs
that have known security issues, you had better stop them. Look at
the output of sockstat -4 to see which ports you have open (if your
FreeBSD is 4.3 or later, you can use sockstat -4l to see listening
sockets only), then look at the FreeBSD website to find a list of
security advisories to see if any of the programs you are running
are vulnerable in the versions on your machine.
G'luck,
Peter
--
I am the meaning of this sentence.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010529023722.C30478>