Date: Thu, 27 Jan 2000 09:45:27 -0800 (PST) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: sameh@fr.clara.net (Sameh Ghane) Cc: scrappy@hub.org (The Hermit Hacker), freebsd-stable@FreeBSD.ORG Subject: Re: icmp-response bandwidth limit 103/100 pps Message-ID: <200001271745.JAA77414@gndrsh.dnsmgr.net> In-Reply-To: <20000127145504.A444@noc.fr.clara.net> from Sameh Ghane at "Jan 27, 2000 02:55:05 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
[Charset iso-8859-1 unsupported, filtering to ASCII...] > Le Thu, Jan 27, 2000 at 09:40:10AM -0400, The Hermit Hacker _crivit: > > > > I just want to confirm ... this means I'm being ping-flooded, or? > > Ping-flooded, or port-scanned, or too many connections to a port > with no daemon listening... > > > its a > > near-continuous stream and makes it difficult to do anything on the > > console :( Is there a way of getting rid of it? > > remove the line: > options ICMP_BANDLIM Do not remove that option, if you are infact being hit by stream.c or any of the other later attacks removing this will make it a far worse DOS. > in your kernel config file, or tell syslog not to print kernel > messages to the console. Or better yet get ipfw/ipfilter setup and find and filter what is causing the problem. > > icmp-response bandwidth limit 103/100 pps > > icmp-response bandwidth limit 102/100 pps > > icmp-response bandwidth limit 103/100 pps > > icmp-response bandwidth limit 102/100 pps > ... > -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001271745.JAA77414>