Date:      Tue, 13 May 2003 14:49:11 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Olga Zenkova <siro200@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: icmp-response bandwidth limit
Message-ID:  <20030513134911.GA55215@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20030513133202.78310.qmail@web9605.mail.yahoo.com>
References:  <20030513133202.78310.qmail@web9605.mail.yahoo.com>

On Tue, May 13, 2003 at 06:32:02AM -0700, Olga Zenkova wrote:
> Hi all!
> Please help. Get a lot of messages: "/kernel:
> icmp-response bandwidth limit nnn", where nnn is some
> different from time to time number. Have much traffic.
> Please help. What's happening?

Someone is flooding you with packets a lot of which are for ports
where there is no program listening, and your kernel is trying to
respond by sending out ICMP 'port unreachable' packets, but it refuses
to fill up too much outgoing bandwidth by doing that.

You should run tcpdump to capture some of the traffic and examine it
for clues as to what's going on.  This can be someone port-scanning
you or a deliberate attempt to DoS you or it may be the result of some
machine being infected by a Worm program or it can be the result of a
simple mistake or hardware failure somewhere in your site or a nearby
network.

In the short term you can suppress the ICMP response by:

    # sysctl net.inet.tcp.blackhole=2
    # sysctl net.inet.udp.blackhole=1

(See blackhole(4), sysctl(8) and sysctl.conf(5)), but for general use,
ipfw(8) or ipf(8) are your friends.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
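
One way to do the "capture some of the traffic and examine it for clues" step from the message above, as an added example that is not part of the original e-mail: it groups `tcpdump -nn` text output by source address and counts packets and distinct destination ports. The function names, the threshold of 5 ports and the sample lines (documentation addresses, modern tcpdump IPv4 output format) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -nn` text output per source address.
# Output columns: source, packets, distinct destination ports, label.

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
14:49:11.100001 IP 192.0.2.10.40001 > 198.51.100.5.1: UDP, length 0
14:49:11.100002 IP 192.0.2.10.40001 > 198.51.100.5.2: UDP, length 0
14:49:11.100003 IP 192.0.2.10.40001 > 198.51.100.5.3: UDP, length 0
14:49:11.100004 IP 192.0.2.10.40001 > 198.51.100.5.4: UDP, length 0
14:49:11.100005 IP 192.0.2.10.40001 > 198.51.100.5.5: UDP, length 0
14:49:11.100006 IP 192.0.2.10.40001 > 198.51.100.5.6: UDP, length 0
14:49:11.100007 IP 198.51.100.5 > 192.0.2.10: ICMP 198.51.100.5 udp port 6 unreachable, length 36
14:49:12.200001 IP 203.0.113.7.51000 > 198.51.100.5.9999: UDP, length 64
14:49:12.200002 IP 203.0.113.7.51000 > 198.51.100.5.9999: UDP, length 64
14:49:12.200003 IP 203.0.113.7.51000 > 198.51.100.5.9999: UDP, length 64
14:49:12.200004 IP 203.0.113.7.51000 > 198.51.100.5.9999: UDP, length 64
EOF
}

# summarise [min_ports]: reads tcpdump lines on stdin. A source that touches
# at least min_ports distinct ports is labelled scan-like (assumed threshold);
# anything else is labelled concentrated (flood, worm or misconfiguration).
summarise() {
    awk -v min_ports="${1:-5}" '
    {
        # Find the ">" between "src.port" and "dst.port:".
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)
        n = split(src, s, "."); m = split(dst, d, ".")
        if (n != 5 || m != 5) next   # no port part, e.g. our own ICMP replies
        host = s[1] "." s[2] "." s[3] "." s[4]
        pkts[host]++
        if (!((host, d[5]) in seen)) { seen[host, d[5]] = 1; ports[host]++ }
    }
    END {
        for (h in pkts) {
            label = (ports[h] >= min_ports) ? "scan-like" : "concentrated"
            printf "%s %d %d %s\n", h, pkts[h], ports[h], label
        }
    }' | sort
}

sample_capture | summarise 5
```

On a live host the same function can read from `tcpdump -nn -c 1000 -i IFACE`, where IFACE is a placeholder for the interface name.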
