Date:      Sat, 15 Dec 2001 00:01:56 -0500 (EST)
From:      Mike Silbersack <silby@silby.com>
To:        Alex Popa <razor@ldc.ro>
Cc:        <freebsd-security@freebsd.org>
Subject:   Re: Rate-limiting OPEN port RST response?
Message-ID:  <Pine.BSF.4.30.0112142357090.79879-100000@niwun.pair.com>
In-Reply-To: <20011215001404.A55184@ldc.ro>

On Sat, 15 Dec 2001, Alex Popa wrote:

> Is there such a limitation active by default?  I am seeing the following
> message:
> Limiting open port RST response from 337 to 200 packets per second
> on my home machine, connected through a 14k modem to the net.  I also
> have net.inet.{tcp,udp}.log_in_vain enabled, and have seen no messages
> from these facilities.
>
> Could these messages be caused by an external source? I believe the link
> is too slow to produce 300+ SYNs per second.  At the time I was also
> running Opera 6 for Linux, and Netscape, so there is a small possibility
> that one of these is trying to connect too often to the squid I run.
>
> Opinions?

Open port RSTs should be really rare, and it does seem unlikely that they
could come in that fast through a modem... unless you can cause this to
happen again and run tcpdump, I don't think we'll know what is occurring.

(The one thing we do know is that something is going wrong - you should
basically never see open port resets if everything is working properly.)

Sorry,

Mike "Silby" Silbersack

