Date: Thu, 18 Oct 2001 06:15:19 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Mike Silbersack <silby@silby.com> Cc: David Malone <dwmalone@maths.tcd.ie>, Zhihui Zhang <zzhang@cs.binghamton.edu>, freebsd-hackers@freebsd.org Subject: Re: Limiting closed port RST response Message-ID: <3BCED5E7.3FAE9EB8@mindspring.com> References: <20011017120330.H47595-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack wrote: > > > Could someone be port scanning you? Another possibility is that you > > > alot of machines are trying to contact a TCP service on the machine > > > in question, which isn't running. > > > > I've seen this while doing load testing. > > > > In general, you want the limit threshold to be higher than > > the connections per second rate, or you will get this message. > > > > I have modified my code locally to crank it up to twice the > > listen queue depth. Frequently, you are just better off by > > turning of the limiting entirely (there's s sysctl; look at > > the code in netinet that emits the message, or grep sysctl -A > > for "lim"). > > Wouldn't fixing your code so that it isn't dropping connections be a > better plan? When things are working properly, there should be no need > for RSTs to be thrown around the network. The problem is what to do when you are attacked. You need to balance resiliance in the face of attack with the ability to bear a legitimately high load. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BCED5E7.3FAE9EB8>