From owner-freebsd-questions  Wed Apr  5 11:59: 0 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP id EA7ED37BE56
	for <freebsd-questions@freebsd.org>; Wed,  5 Apr 2000 11:58:56 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Received: from slave (doug@slave [10.0.0.1])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id LAA24332;
	Wed, 5 Apr 2000 11:58:52 -0700 (PDT)
	(envelope-from Doug@gorean.org)
Date: Wed, 5 Apr 2000 11:58:52 -0700 (PDT)
From: Doug Barton <Doug@gorean.org>
X-Sender: doug@dt051n0b.san.rr.com
To: Omachonu Ogali <oogali@intranova.net>
Cc: Pete Fritchman <petef@binary.databits.net>,
	freebsd-questions@freebsd.org
Subject: Re: icmp-response bandwidth limit question
In-Reply-To: <Pine.BSF.4.10.10004041607550.93547-100000@hydrant.intranova.net>
Message-ID: <Pine.BSF.4.21.0004051155540.24259-100000@dt051n0b.san.rr.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 4 Apr 2000, Omachonu Ogali wrote:

> On Mon, 3 Apr 2000, Doug Barton wrote:
> 
> > Pete Fritchman wrote:
> > > 
> > > > icmp-response bandwidth limit 734/200 pps
> > > > icmp-response bandwidth limit 729/200 pps
> > > 
> > > What do these indicate?
> > 
> > 	That your kernel is dropping everything over 200 ICMP packets per
> > second.
> 
> It indicates that your kernel is dropping ICMP and/or TCP responses that
> are coming out faster than 200 packets per second. It's limiting what's
> coming OUT from you.

	This option does not affect TCP responses. It's ICMP only.

> In this case, someone may have
> been port scanning your machine and the kernel was eliciting RST's or ICMP
> unreachables in return to non-open ports, and at the rate it was being
> output it triggered ICMP response limiting.

	That's possible, true. Although if they have a semi-decent
firewall it shouldn't be allowing this type of port scanning activity. Of
course, he didn't think his firewall would let through ICMP either...


Doug
-- 
    "So, the cows were part of a dream that dreamed itself into
existence? Is that possible?" asked the student incredulously.
    The master simply replied, "Mu."




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message