Date: Wed, 5 Apr 2000 19:32:10 -0400 (EDT)
From: Pete Fritchman <petef@binary.databits.net>
To: Doug Barton <Doug@gorean.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: icmp-response bandwidth limit question
Message-ID: <Pine.BSF.4.21.0004051931160.19518-100000@binary.databits.net>
In-Reply-To: <Pine.BSF.4.21.0004051155540.24259-100000@dt051n0b.san.rr.com>

The firewall *doesn't* let ICMP through.  The port-scan explanation makes
sense.  What is the kernel config to turn this off?

Regards,
Pete

On Wed, 5 Apr 2000, Doug Barton wrote:

> On Tue, 4 Apr 2000, Omachonu Ogali wrote:
>
> > On Mon, 3 Apr 2000, Doug Barton wrote:
> >
> > > Pete Fritchman wrote:
> > >
> > > > > icmp-response bandwidth limit 734/200 pps
> > > > > icmp-response bandwidth limit 729/200 pps
> > > >
> > > > What do these indicate?
> > >
> > > That your kernel is dropping everything over 200 ICMP packets per
> > > second.
> >
> > It indicates that your kernel is dropping ICMP and/or TCP responses that
> > are coming out faster than 200 packets per second. It's limiting what's
> > coming OUT from you.
>
> This option does not affect TCP responses. It's ICMP only.
>
> > In this case, someone may have
> > been port scanning your machine and the kernel was eliciting RST's or ICMP
> > unreachables in return to non-open ports, and at the rate it was being
> > output it triggered ICMP response limiting.
>
> That's possible, true. Although if they have a semi-decent
> firewall it shouldn't be allowing this type of port scanning activity. Of
> course, he didn't think his firewall would let through ICMP either...
>
>
> Doug
> --
> "So, the cows were part of a dream that dreamed itself into
> existence? Is that possible?" asked the student incredulously.
> The master simply replied, "Mu."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004051931160.19518-100000>
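
Added example, not part of the original thread: a small log check that groups the "icmp-response bandwidth limit N/M pps" messages quoted above into bursts, so a sustained run (as a port scan would produce, per the explanation in the thread) stands out from a single spike. The syslog line layout, host name, function names and thresholds are assumptions made for illustration; only the message text itself comes from the thread.

```python
import re
from datetime import datetime, timedelta

# Message text as quoted in the thread: attempted rate / configured limit.
LIMIT_RE = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")
# Assumed classic BSD syslog prefix ("Apr  5 19:30:01 host ..."), which has no year.
STAMP_RE = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d\d:\d\d:\d\d)")

# Constructed sample log; only the two 734/200 and 729/200 values appear in the thread.
SAMPLE_LOG = """\
Apr  5 19:30:01 host1 /kernel: icmp-response bandwidth limit 734/200 pps
Apr  5 19:30:02 host1 /kernel: icmp-response bandwidth limit 729/200 pps
Apr  5 19:30:03 host1 sshd[412]: Accepted password for alice
Apr  5 19:30:04 host1 /kernel: icmp-response bandwidth limit 251/200 pps
Apr  5 21:10:40 host1 /kernel: icmp-response bandwidth limit 305/200 pps
"""

def parse_events(text, year=2000):
    """Yield (timestamp, attempted_pps, limit_pps) for each rate-limit message."""
    for line in text.splitlines():
        hit, stamp = LIMIT_RE.search(line), STAMP_RE.match(line)
        if not (hit and stamp):
            continue  # unrelated or malformed line
        mon, day, clock = stamp.groups()
        when = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        yield when, int(hit.group(1)), int(hit.group(2))

def group_bursts(events, gap=timedelta(seconds=10)):
    """Merge messages at most `gap` apart into one burst and total the excess."""
    bursts = []
    for when, attempted, limit in events:
        over = max(attempted - limit, 0)  # responses above the limit in that second
        if bursts and when - bursts[-1]["end"] <= gap:
            b = bursts[-1]
            b["end"], b["messages"] = when, b["messages"] + 1
            b["peak_pps"] = max(b["peak_pps"], attempted)
            b["suppressed"] += over
        else:
            bursts.append({"start": when, "end": when, "messages": 1,
                           "peak_pps": attempted, "suppressed": over})
    return bursts

def flag_bursts(bursts, min_messages=2):
    """Keep bursts where the limiter fired repeatedly, not just once."""
    return [b for b in bursts if b["messages"] >= min_messages]

if __name__ == "__main__":
    for b in flag_bursts(group_bursts(parse_events(SAMPLE_LOG))):
        print(f"{b['start']} .. {b['end']}: {b['messages']} messages, "
              f"peak {b['peak_pps']} pps, ~{b['suppressed']} responses over limit")
```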