major.io words of wisdom from a systems engineer

FreeBSD: Limiting closed port RST response

One of the nifty things about FreeBSD’s kernel is that it will limit closed port RST responses, which, in layman’s terms, just means that if someone repeatedly hits a port that’s closed, the kernel won’t respond to all of the requests.

You generally get something like this in the system log:

kernel: Limiting closed port RST response from 211 to 200 packets/sec
kernel: Limiting closed port RST response from203 to 200 packets/sec

In certain situations, this functionality might be undesirable. For example, if you’re running an IDS like snort or a vulnerability scanner like nessus, these responses might be helpful. If you want to disable this functionality, just add the following to /etc/sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1