4.5-RELEASE kernel messages

4.5-RELEASE kernel messages

Post by Steve Philso » Sun, 10 Feb 2002 08:18:29



I just did a fresh install of 4.5-RELEASE, and it seems to be
generally fine, except for an incessant stream of messages, about
every 4 seconds:

Feb  8 16:50:38 pulse /kernel: Limiting closed port RST response
        from 201 to 200 packets per second
Feb  8 16:50:42 pulse /kernel: Limiting closed port RST response
        from 201 to 200 packets per second
Feb  8 16:52:58 pulse last message repeated 4 times
Feb  8 17:03:01 pulse last message repeated 28 times
Feb  8 17:13:15 pulse last message repeated 18 times

I don't recognize what this refers to, so I can't really do anything
about it.  Any ideas?

--

Director NMR Lab        612-626-0297
Chemistry Dept.         University of Minnesota

 
 
 

4.5-RELEASE kernel messages

Post by Philip Paep » Sun, 10 Feb 2002 08:26:01



> I just did a fresh install of 4.5-RELEASE, and it seems to be
> generally fine, except for an incessant stream of messages, about
> every 4 seconds:
> Feb  8 16:50:38 pulse /kernel: Limiting closed port RST response
>        from 201 to 200 packets per second

[...]

Quote:> Feb  8 17:13:15 pulse last message repeated 18 times

Congratulations, you've been portscanned.  The system is getting probes on
closed ports (usually SYN packets) faster than it likes, and limits the
response time for you.  This sort of thing gets logged, because it's assumed
an administrator doesn't like it happening... (correctly assumed, in my case).

Quote:> I don't recognize what this refers to, so I can't really do anything
> about it.  Any ideas?

Well, someone is looking for vulnerabilities in your setup.  He's looking for
unprotected d?mons.  Possibly, he might figure out what OS you're running if
you're a *very* standard setup (fascinating what you can do with TCP).
Generally, I'd try to figure out who's doing this by installing a packet
filter to log everything.  If it's someone local, I'd go over with a chainsaw,
if not, I'd send a message to the Abuse-service of his upstream provider.

To prevent anything serious: make sure all your d?mons are protected and that
you're not running any services which are prone to root exploits and other
undesirable events.

 - Philip

--

  History repeats itself.
  that's one of the things wrong with history.

 
 
 

4.5-RELEASE kernel messages

Post by Chuck Swige » Sun, 10 Feb 2002 08:29:25



> Feb  8 16:50:38 pulse /kernel: Limiting closed port RST response
>    from 201 to 200 packets per second
> Feb  8 16:50:42 pulse /kernel: Limiting closed port RST response
>    from 201 to 200 packets per second
> Feb  8 16:52:58 pulse last message repeated 4 times
> Feb  8 17:03:01 pulse last message repeated 28 times
> Feb  8 17:13:15 pulse last message repeated 18 times

> I don't recognize what this refers to, so I can't really do anything
> about it.  Any ideas?

Someone is port-scanning your machine (or worse), and it is limiting the
number of ICMP error responses to protect against a possible denial-of-service
attack.

-Chuck


       -------------+-------------------+-----------------------------------
       "The human race's favorite method for being in control of the facts
        is to ignore them."  -Celia Green

 
 
 

1. Upgrading 4.5 Release to 4.5 STABLE

Hi,

I have upgraded my firewall  using ipfilter with ipnat capablity.
Buildworld process went through smoothly.   But when booting with the
upgraded kernel, booting hangs at the "Local package initialization" ..but
if I hit CTRL-C, it will finish booting and let me log in, without user
intervention, it hangs.

The good part is the firewall allows traffic going in and out, does anyone
know how to get around this problem?

Thanks so much in advance.

Dan

2. Shell scripting about DATE command

3. kppp and multilink ppp options

4. linux-jdk14 dies on 4.3 release and 4.5 release I'm not insane!

5. <Q> How to find if solaris running in 32 or 64 bit?

6. 4.5 and 5.0 RELEASE hang at boot of kernel

7. ctime causing a lot of "memory in use"

8. linux-jdk14 dies on 4.3 release but not on 4.5 release

9. 4.5-RELEASE kernel panic

10. 4.5 and 5.0 RELEASE hang at boot of kernel

11. Remote Update from 4.4-RELEASE to 4.5-RELEASE

12. PROBLEM: AD1816A Sound Failure Upgrading to Kernel-2.4.5 from Kernel-2.2.19