Date: Wed, 18 Apr 2001 13:07:33 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Michael Grant <mg-fbsd@grant.org> Cc: <freebsd-stable@FreeBSD.ORG> Subject: Re: open port RST response messages Message-ID: <Pine.BSF.4.33.0104181306300.81356-100000@resnet.uoregon.edu> In-Reply-To: <200104170846.KAA22298@splat.grant.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 Apr 2001, Michael Grant wrote: > I'm getting loads of messages like these in my logs: > > /kernel: Limiting open port RST response from 990 to 200 packets per second > > What's going on here, is someone sending sending me the RST packet or > is it my server that's RSTing an open connection? > > Whatever it is, it's not constant, I've sat there with tcpdump waiting > and watching and have never seen hugh numbers of TCP RST packets going > by: > > tcpdump 'tcp[13] & 0x04 != 0' It means someone is SYN flooding a closed port on your box. The system rate-limits the replies to reduce the damage. You can tune it with sysctl, but that's a lot of traffic .. you should probably tcpdump and see what bozo is banging on it. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0104181306300.81356-100000>