From owner-freebsd-questions@FreeBSD.ORG Sat May 14 07:21:21 2005
Date: Sat, 14 May 2005 09:19:45 +0200
From: Daniel Gerzo
To: "Colin J. Raven", questions@freebsd.org
Subject: Re: Strange kernel messages
Message-ID: <354708933.20050514091945@rulez.sk>
In-Reply-To: <20050514090844.Q9329@kenmore.kozy-kabin.nl>
References: <20050514090844.Q9329@kenmore.kozy-kabin.nl>

Hello Colin,

Saturday, May 14, 2005, 9:14:20 AM, you thoughtfully wrote the following:

> Hi all!
> I occasionally get these in my daily security run output (which is
> worrying in itself)
> Limiting closed port RST response from 1629 to 200 packets per second
> the number of these can range from one or two, to sometimes 25 - 30
> although the latter case is rarer. Usually there's about six or so.
> These don't arrive every day, usually about once per week on average.
> Is this an OS response to an attempted attack, limiting potential DDOS
> damage? That's how I'm reading it, but of course I'm guessing. If that
> *is* so, what mechanism is doing this?

Your kernel is limiting the number of icmp ping requests to 200, someone is
possibly trying to ping -f you.

You can also decrease/increase this limit with net.inet.icmp.icmplim

> FreeBSD 4.11 STABLE
> Regards & TIA
> -Colin

-- 
Best Regards,
DanGer, ICQ: 261701668 | e-mail protecting at: http://www.2pu.net/
http://danger.rulez.sk | proxy list at: http://www.proxy-web.com/
| FreeBSD - The Power to Serve!

[ i locked the door to my own cell, and i lost the key ]
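
To see how often the limiter fires and how far the observed rate exceeded the limit, the messages can be tallied per response type. The script below is an added example, not part of the original message: the log lines are constructed samples that follow the message format quoted in the thread, and the function names and the `factor` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the kernel message format quoted in the thread, e.g.
# "Limiting closed port RST response from 1629 to 200 packets per second".
LIMIT_RE = re.compile(
    r"Limiting (?P<kind>.+?) response from (?P<seen>\d+) "
    r"to (?P<limit>\d+) packets per second"
)

# Constructed sample lines (not from the original post), syslog-style.
SAMPLE_LOG = """\
May  8 02:14:07 host /kernel: Limiting closed port RST response from 1629 to 200 packets per second
May  8 02:14:08 host /kernel: Limiting closed port RST response from 412 to 200 packets per second
May  8 02:14:09 host sshd[311]: Accepted publickey for admin from 192.0.2.10
May 11 19:40:51 host /kernel: Limiting icmp ping response from 260 to 200 packets per second
May 11 19:40:52 host /kernel: Limiting closed port RST response from 203 to 200 packets per second
"""

def summarize(lines):
    """Group rate-limit messages by response kind: events, peak rate, limit, days."""
    stats = defaultdict(
        lambda: {"events": 0, "peak_pps": 0, "limit": None, "days": set()}
    )
    for line in lines:
        m = LIMIT_RE.search(line)
        if not m:
            continue  # unrelated log line
        entry = stats[m["kind"]]
        entry["events"] += 1
        entry["peak_pps"] = max(entry["peak_pps"], int(m["seen"]))
        entry["limit"] = int(m["limit"])
        entry["days"].add(" ".join(line.split()[:2]))  # e.g. "May 8"
    return dict(stats)

def noteworthy(stats, factor=2):
    """Kinds whose peak rate reached `factor` times the limit (assumed threshold)."""
    return sorted(k for k, s in stats.items() if s["peak_pps"] >= factor * s["limit"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for kind, s in sorted(result.items()):
        print(f"{kind}: {s['events']} events on {len(s['days'])} day(s), "
              f"peak {s['peak_pps']} pps, limit {s['limit']} pps")
    print("well over limit:", noteworthy(result))
```

The limit reported in each message is the value of `net.inet.icmp.icmplim` mentioned in the reply; `sysctl net.inet.icmp.icmplim` shows the current setting.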