Re: Kernel message

From: Peter Pentchev (roam@orbitel.bg)
Date: 05/29/01

• Next message: Michael Tang Helmeste: "RE: Kernel message"
• Previous message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory FreeBSD-SA-01:23.icecast [REVISED]"
• In reply to: Retal: "Kernel message"
• Next in thread: Michael Tang Helmeste: "RE: Kernel message"
• Reply: Michael Tang Helmeste: "RE: Kernel message"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 29 May 2001 02:37:22 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Retal <lirandb@netvision.net.il>

On Tue, May 29, 2001 at 02:02:03AM +0200, Retal wrote:
> I got this message while i was changing icmpbandlim from 200 to 30:
> May 29 01:42:14 freebsd /kernel: Limiting closed port RST response from 78 to 30
> packets per second
>
> i got this message like 10000 times..
> What is that means..

Somebody was portscanning you - running a simple program that connects
to every port from 1 to, say, 32768, on your machine, to see which ports
are 'open' - what services (daemons, servers) you are running on your
machine. The kernel had to sent a lot of 'connection refused' ('closed'
port, not open) messages, and it had a max value of 30 of those per second.
It is informing you that in one given second, it was supposed to send out
78 of those, but it only sent 30.

So.. somebody was portscanning you. If you are running any programs
that have known security issues, you had better stop them. Look at
the output of sockstat -4 to see which ports you have open (if your
FreeBSD is 4.3 or later, you can use sockstat -4l to see listening
sockets only), then look at the FreeBSD website to find a list of
security advisories to see if any of the programs you are running
are vulnerable in the versions on your machine.

G'luck,
Peter

-- 
I am the meaning of this sentence.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Michael Tang Helmeste: "RE: Kernel message"
• Previous message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory FreeBSD-SA-01:23.icecast [REVISED]"
• In reply to: Retal: "Kernel message"
• Next in thread: Michael Tang Helmeste: "RE: Kernel message"
• Reply: Michael Tang Helmeste: "RE: Kernel message"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Closed Port, Need to Reopen ... FreeBSD does nothing special here. ... If you are sure you have an application listening on this port (check sockstat) then it is being filtered somewhere in between you and the machine you are trying to check from. ... (freebsd-stable) partition/cd recognition problem hal GNOME 2.16 FreeBSD RELEASE 6.2 ... FreeBSD elbereth.gateway.2wire.net 6.2-RELEASE FreeBSD ... 0xf0000000-0xf7ffffff,0xffa80000-0xffafffff irq 16 at ... fdc0: port ... perm devstat 0444 ... (freebsd-questions) usb devices dont "wake up" ... Copyright 1992-2008 The FreeBSD Project. ... <ACPI PCI bus> on pcib0 ... port ... soft updates support ... (freebsd-questions) Is FreeBSD ready for desktop (Mozilla Flash) ... monitor,, somehow the install fails to detect ... "Macromedia Flash plugin is not available for FreeBSD. ... I quote again "Install the www/linuxpluginwrapper port. ... servers, ... (comp.unix.bsd.freebsd.misc) Re: Disappointing speed with ZFS ... This way the drives are utilized much more, and same goes for the CPU. ... Copyright 1992-2008 The FreeBSD Project. ... acpi0: on motherboard ... port 0x6000-0x60ff mem 0xe8000000-0xefffffff,0xe0400000-0xe040ffff irq 16 at device 0.0 on pci15 ... (freebsd-current)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint