Date: Mon, 19 Feb 2001 13:29:30 -0800 (PST) From: Thomas Cannon <tcannon@noops.org> To: Andy Kim <andy@internetesl.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ICMP floods Message-ID: <Pine.BSF.4.21.0102191326050.1468-100000@sonar.noops.org> In-Reply-To: <20010219132029.P6641@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> * Andy Kim <andy@internetesl.com> [010219 13:18] wrote: > > Some of the servers have been getting hit several times with ICMP > > floods from our FreeBSD server and we can't figure out why. They > > believe that someone had hacked in and put a trojan on our box. > > Is there any way of finding out what's going on and more importantly, > > how to fix the problem? Any help would be greatly appreciated as > > I am rather new to FreeBSD. Hi Andy. What is being used to detect these ICMP floods? What version of FreeBSD do you have? Also, do you see anything in the FBSD machine's logs about icmp source-quench or bandwidth-limit icmp packets being issued? It's possible that the machine is broken, yes, but it's also possible that the measuring device is broken, or that something is misconfigured, or god only knows what. Cheers, tcannon Richard Feynman was a hacker; read any of his books. -Bruce Schneier To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102191326050.1468-100000>