Re: How to diagnose "Limiting closed port RST response from 213 to 205 packets/sec" ?

From: Kevin Oberman <rkoberman_at_gmail.com>
Date: Sat, 31 Aug 2024 19:02:11 UTC
On Sat, Aug 31, 2024 at 7:32 AM Pete French <pete@twisted.org.uk> wrote:

> So I am running some servers with 14.1-STABLE, pretty standard - Apache
> + mysql setup, and I am seeing a lot of the above messages. I have
> always seen these form time to time, but recently I have had compmnaits
> from a customer about the webservers being unavailable, and the times
> they give correspond to bursts of these errors.
>
> I dont see any other errors, and am wondering how to get more info about
> this message. Knowing if its IPv4 or IPv6 would be nice. Knowing the
> port that is closed would be ideal. I have a feeling that the closed
> port is the one which Apaxche is suppsoed to be listenin gon (I cant
> think of nay other ports which would get hammered), but that should
> never be closed.
>
> Any advice ?
>
> -pete.
>

These are not errors. It is telling you that someone is likely doing
something wrong, probably by error but possibly rudely.

I believe that it means that a closed port is receiving a lot of SYNs. See
the discussion on BSD forums
<https://forums.freebsd.org/threads/limiting-closed-port-rst-response.72131/>
.


-- 
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683