Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 01 Sep 2005 11:10:45 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Dark Star <dead_line@hotmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Limiting closed port
Message-ID:  <431719F5.3050201@mac.com>
In-Reply-To: <BAY20-F293FDFDBA0654AFB8BCE3A9AA00@phx.gbl>
References:  <BAY20-F293FDFDBA0654AFB8BCE3A9AA00@phx.gbl>

next in thread | previous in thread | raw e-mail | index | archive | help
Dark Star wrote:
>   /kernel: Limiting closed port RST response from 243 to 200 packets per 
> second
>   /kernel: Limiting closed port RST response from 222 to 200 packets per 
> second
>   /kernel: Limiting closed port RST response from 238 to 200 packets per 
> second
> 
>   I think its sometype of scan or attack.

It's almost certainly a portscan.  Per se, that's not an attack, but if someone 
follows up trying to exploit open services, it would be.

>   My server has a range of ips, I'm not sure what is this? how to 
> protect it? IPFW will prevent this?

Yes, IPFW, PF, or another firewall can prevent this traffic.

>   how do i know, this attack to what IP excatly?

Run "tcpdump -n".

-- 
-Chuck




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?431719F5.3050201>