On Sun, Oct 05, 2008 at 12:53:03PM -0500, Scott Bennett wrote:
> I'm getting a lot of messages like this:
>
> Oct 4 14:30:00 hellas kernel: Limiting closed port RST response from 250 to
> 200 packets/sec
>
> Is there some rule I can insert into /etc/pf.conf to reject these apparently
> invalid RST packets before they can bother TCP? At the same time, I do not
> want to reject legitimate RST packets.
> Thanks in advance for any clues!
Well, just to clarify a bit, the RST packets aren't the ones you are getting. You are apparently getting port-scanned. The message just says it won't reply with an RST packet to a SYN going to a closed port more than 200 times per second. I would suggest ignoring all SYN packets going to closed ports. Haven't yet used pf though, so I can't say how exactly to do this.

-- 
(-K JohnNy alias Partial Derivative ∂
[home] http://johnny64.fixinko.sk/
[icq] 338328204 [abandoned]
[jabber] [EMAIL PROTECTED]
[skype] JohnNy64-konik [abandoned]
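The reply above suggests dropping SYNs to closed ports but leaves the pf side open. The following /etc/pf.conf fragment is an added example, not part of the original thread and not written by either poster; the interface name `em0` and the service list are assumptions to be replaced with the host's own. It implements the suggestion with a default silent `block drop`, so pf discards a SYN aimed at a closed port before the TCP stack ever sees it and the kernel has no closed-port RST to rate-limit; RSTs that belong to an existing connection still arrive because they are admitted by the state entry, not by any port rule.

```pf
# Added example pf.conf fragment (not from the original thread).
# ASSUMPTIONS: external interface em0; only ssh, smtp and www are served.
ext_if = "em0"
tcp_services = "{ ssh, smtp, www }"

# Do not filter loopback traffic.
set skip on lo0

# Default policy: silently drop inbound packets. "drop" (rather than
# "return") means pf sends no RST/ICMP at all, and a SYN to a closed
# port never reaches the TCP stack, so the "Limiting closed port RST
# response" limiter has nothing to count. "log" copies dropped packets
# to pflog0 for inspection.
block drop in log on $ext_if all

# Traffic the host itself originates, with replies admitted by state.
pass out on $ext_if inet keep state

# Only ports with listening services are reachable from outside.
# "flags S/SA" makes this rule match genuine connection-opening SYNs
# only. A legitimate RST for an established connection matches the
# state created here and is passed regardless of this rule.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state
```

Load it with `pfctl -f /etc/pf.conf` after checking syntax with `pfctl -nf /etc/pf.conf`, and watch what is being dropped with `tcpdump -n -e -ttt -i pflog0`. For reference, the kernel message in the quoted log is FreeBSD's bandwidth limiter for closed-port RSTs, whose threshold is the `net.inet.icmp.icmplim` sysctl (default 200 packets/sec, matching the figure in the message); raising that limit only changes how many RSTs are sent back to the scanner, whereas the `block drop` above removes the RSTs entirely.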