> I just did a fresh install of 4.5-RELEASE, and it seems to be
> generally fine, except for an incessant stream of messages, about
> every 4 seconds:
> Feb 8 16:50:38 pulse /kernel: Limiting closed port RST response
> from 201 to 200 packets per second
Quote:> Feb 8 17:13:15 pulse last message repeated 18 times
Congratulations, you've been portscanned. The system is getting probes on
closed ports (usually SYN packets) faster than it likes, and limits the
response time for you. This sort of thing gets logged, because it's assumed
an administrator doesn't like it happening... (correctly assumed, in my case).
Quote:> I don't recognize what this refers to, so I can't really do anything
> about it. Any ideas?
Well, someone is looking for vulnerabilities in your setup. He's looking for
unprotected d?mons. Possibly, he might figure out what OS you're running if
you're a *very* standard setup (fascinating what you can do with TCP).
Generally, I'd try to figure out who's doing this by installing a packet
filter to log everything. If it's someone local, I'd go over with a chainsaw,
if not, I'd send a message to the Abuse-service of his upstream provider.
To prevent anything serious: make sure all your d?mons are protected and that
you're not running any services which are prone to root exploits and other
History repeats itself.
that's one of the things wrong with history.