FreeBSD: Limiting closed port RST response

One of the nifty things about FreeBSD's kernel is that it will limit closed port RST responses, which, in layman's terms, just means that if someone repeatedly hits a port that's closed, the kernel won't respond to all of the requests.

You generally get something like this in the system log:

kernel: Limiting closed port RST response from 211 to 200 packets/sec
rkrhkr kernel: Limiting closed port RST response from 203 to 200 packets/sec

In certain situations, this functionality might be undesirable. For example, if you're running an IDS like snort or a vulnerability scanner like nessus, these responses might be helpful. If you want to disable this functionality, just add the following to /etc/sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
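As an added example (not from the original post), here is a small POSIX shell script an admin can use to see how often the kernel's RST limit kicked in and how far above the 200 packets/sec ceiling the bursts went, and to check whether the blackhole sysctls above are set. The log lines are constructed samples in the format shown in the post; on a real host you would feed it /var/log/messages instead.

```shell
#!/bin/sh
# Added example, not part of the original post. Parses "Limiting closed port RST
# response" messages and reports how many times the limit was hit and the peak
# attempted rate. Sample lines below are constructed; the hostname "rkrhkr" is
# taken from the post.
SAMPLE_LOG='Jun  6 10:01:02 rkrhkr kernel: Limiting closed port RST response from 211 to 200 packets/sec
Jun  6 10:01:03 rkrhkr kernel: Limiting closed port RST response from203 to 200 packets/sec
Jun  6 10:02:10 rkrhkr sshd[123]: Accepted publickey for major from 10.0.0.5
Jun  6 10:05:44 rkrhkr kernel: Limiting closed port RST response from 540 to 200 packets/sec'

# Prints "<count> <peak>": number of limit events and the highest attempted rate.
# Splitting on "from" followed by optional spaces also copes with the squashed
# "from203" form that sometimes appears in copied logs.
rst_limit_summary() {
    printf '%s\n' "$1" | awk '
        /Limiting closed port RST response from/ {
            split($0, a, /from */)      # a[2] starts with the attempted rate
            rate = a[2] + 0             # "+ 0" keeps only the leading number
            n++
            if (rate > peak) peak = rate
        }
        END { printf "%d %d\n", n, peak }'
}

# Report the blackhole settings from the post. With tcp.blackhole=2 and
# udp.blackhole=1 the kernel drops packets to closed ports silently, so no RST
# (or ICMP unreachable) is sent and the limiting message stops appearing.
show_blackhole_state() {
    sysctl net.inet.tcp.blackhole net.inet.udp.blackhole 2>/dev/null || \
        echo "sysctl net.inet.*.blackhole not available on this host (not FreeBSD?)"
}

rst_limit_summary "$SAMPLE_LOG"
show_blackhole_state
```

A sustained count of these messages with a peak far above 200 packets/sec usually means a port scan or sweep hit the box, which is worth correlating with firewall logs before deciding whether to change the sysctls.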

Printed from: http://rackerhacker.com/2007/06/06/freebsd-limiting-closed-port-rst-response/ .
© Major Hayden 2012.

2 Comments

  • read says:

    3x for your blog. Useful information for me.

  • Israel Brazilian Guy says:

    Thanks man! Four years after it was posted, this helped my life!! Much useful information to me too!!
