> I am getting a tremendous amount of messages on a particular server saying something close to:
> kernel: Limiting open port RST response from 302 to 200 packets/sec

This generally means the system is being portscanned.

[ ... ]

> I understand the reasons for the message, but I'm having a hard time tracking down a possible point source. Neither ethereal nor tcpdump seem to be picking up any packets with the TCP RST bit set. I have tried this, for example:
> TCP and UDP blackhole sysctls are also already set up, and it appears that the RST packets are being sent out to internet hosts with a dstport of 80. The machine being affected is running squid.

If you turn on the blackhole sysctls, then your machine will not generate RST packets. Caveat operator. :-)

> Does anyone have advice on this?

If this machine is not supposed to be completely exposed on the 'net, consider putting it behind a firewall.
-- 
-Chuck

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
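
One way to find when the bursts occur, so that a packet capture can be lined up with them (an added example, not part of the original thread): the script below groups the kernel rate-limit messages by minute and message type. The syslog prefix layout, the hostname `proxy1` and all sample lines are constructed assumptions; only the message text follows the line quoted above.

```python
import re
from collections import defaultdict

# Constructed sample lines; hostname, timestamps and counts are made up.
SAMPLE_LOG = """\
Mar  3 14:02:11 proxy1 kernel: Limiting open port RST response from 302 to 200 packets/sec
Mar  3 14:02:12 proxy1 kernel: Limiting open port RST response from 415 to 200 packets/sec
Mar  3 14:02:40 proxy1 sshd[812]: Accepted publickey for admin from 192.0.2.10
Mar  3 14:03:05 proxy1 kernel: Limiting open port RST response from 260 to 200 packets/sec
Mar  3 14:07:30 proxy1 kernel: Limiting closed port RST response from 950 to 200 packets/sec
"""

# Assumed classic syslog prefix: "Mon DD HH:MM:SS host kernel: ..."
LIMIT_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s\d{2}:\d{2}):\d{2}\s+\S+\s+kernel: "
    r"Limiting (?P<kind>.+?) response from (?P<seen>\d+) to (?P<limit>\d+) packets/sec"
)

def summarize(log_text):
    """Map (minute, kind) -> events, peak rate seen, and total over the limit."""
    buckets = defaultdict(lambda: {"events": 0, "peak": 0, "over_limit": 0})
    for line in log_text.splitlines():
        m = LIMIT_RE.match(line)
        if not m:
            continue  # unrelated log line
        seen, limit = int(m["seen"]), int(m["limit"])
        bucket = buckets[(m["minute"], m["kind"])]
        bucket["events"] += 1
        bucket["peak"] = max(bucket["peak"], seen)
        bucket["over_limit"] += seen - limit  # responses the kernel withheld
    return dict(buckets)

def busiest(summary):
    """Return the (minute, kind) key with the highest reported rate."""
    return max(summary, key=lambda key: summary[key]["peak"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (minute, kind), stats in sorted(report.items()):
        print(f"{minute}  {kind:<16} events={stats['events']} "
              f"peak={stats['peak']}/s over_limit={stats['over_limit']}")
    print("busiest window:", busiest(report))
```
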
