Date: Sat, 24 Feb 2001 00:50:36 -0800 (PST)
From: Chris Phillips
To: Brent
Cc: FreeBSD Questions
Subject: Re: icmp-response bandwidth limit

On Sat, 24 Feb 2001, Brent wrote:

> I have looked up this error, and it says it could be an icmp attack, is there
> a way to see if this is true. Also what are some ways to protect myself
> from an icmp attack? This is some of what I am getting from ipfw:

Actually it is a kernel option that is generating those messages.

> icmp-response bandwidth limit 213/200 pps
> icmp-response bandwidth limit 323/200 pps
> icmp-response bandwidth limit 300/200 pps
> icmp-response bandwidth limit 219/200 pps
> icmp-response bandwidth limit 201/200 pps
> icmp-response bandwidth limit 272/200 pps

This is typical of a port scan. If you nmap your own box it would likely
replicate this behaviour. If you want to know what it is and where it is
coming from start logging all the icmp traffic with ipfw and analyze the
log. Another nifty tool is snort.

Protecting yourself from an icmp attack is usually done with a firewall
such as ipfw.

-Chris Phillips
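
One way to carry out the "log all the icmp traffic with ipfw and analyze the log" step from the reply above, as an added example that is not part of the original message. It correlates the kernel's rate-limit warnings with the ICMP packets ipfw logged to show which remote host the traffic involves. The rule number, the ipfw log line layout, the hostname and interface, and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample. The kernel lines copy the message format quoted in the
# thread; the ipfw lines assume a logging rule such as
#   ipfw add 100 count log icmp from any to any
# and an assumed log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 24 00:41:01 host /kernel: icmp-response bandwidth limit 213/200 pps
Feb 24 00:41:01 host /kernel: ipfw: 100 Count ICMP:3.3 192.0.2.10 203.0.113.7 out via fxp0
Feb 24 00:41:01 host /kernel: ipfw: 100 Count ICMP:3.3 192.0.2.10 203.0.113.7 out via fxp0
Feb 24 00:41:01 host /kernel: ipfw: 100 Count ICMP:3.3 192.0.2.10 203.0.113.7 out via fxp0
Feb 24 00:41:02 host /kernel: icmp-response bandwidth limit 323/200 pps
Feb 24 00:41:02 host /kernel: ipfw: 100 Count ICMP:3.3 192.0.2.10 203.0.113.7 out via fxp0
Feb 24 00:41:02 host /kernel: ipfw: 100 Count ICMP:3.3 192.0.2.10 198.51.100.20 out via fxp0
Feb 24 00:41:03 host /kernel: ipfw: 100 Count ICMP:8.0 198.51.100.99 192.0.2.10 in via fxp0
Feb 24 00:41:04 host sshd[212]: unrelated line
"""

LIMIT_RE = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")
IPFW_RE = re.compile(
    r"ipfw: \d+ \w+ ICMP:(\d+)\.(\d+) (\S+) (\S+) (in|out) via \S+")


def summarize(log_text):
    """Correlate rate-limit warnings with the ICMP packets ipfw logged."""
    bursts = []            # (attempted pps, configured limit) per warning
    peers = Counter()      # (direction, remote address, type, code) -> count
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if m:
            bursts.append((int(m.group(1)), int(m.group(2))))
            continue
        m = IPFW_RE.search(line)
        if m:
            icmp_type, code, src, dst, direction = m.groups()
            # Remote host: destination of replies we send, source of what we receive.
            remote = dst if direction == "out" else src
            peers[(direction, remote, int(icmp_type), int(code))] += 1
    return {
        "warnings": len(bursts),
        "peak_pps": max((pps for pps, _ in bursts), default=0),
        "limit": bursts[0][1] if bursts else None,
        "top_peers": peers.most_common(3),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Outbound type 3 code 3 (port unreachable) replies going mostly to one address mean that host is hitting closed UDP ports, which fits the port-scan reading. A pile of inbound type 8 (echo request) from one source would instead point to a ping flood.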