From owner-freebsd-current@freebsd.org Tue Dec 13 15:30:10 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68E40C75454 for ; Tue, 13 Dec 2016 15:30:10 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (tensor.andric.com [IPv6:2001:7b8:3a7:1:2d0:b7ff:fea0:8c26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "tensor.andric.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2F8CA192A for ; Tue, 13 Dec 2016 15:30:10 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from coleburn.avinity.tv (unknown [77.95.97.98]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 0C43112B1D; Tue, 13 Dec 2016 16:30:06 +0100 (CET) Content-Type: multipart/signed; boundary="Apple-Mail=_E224AE77-2ABC-47E2-B1AC-99EF64BEBC1D"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: Log spam: Limiting * response from 1 to 200 packets/sec From: Dimitry Andric In-Reply-To: <630314dc-e14f-02e7-aa48-4456b0feeef9@protected-networks.net> Date: Tue, 13 Dec 2016 16:29:55 +0100 Cc: FreeBSD Current Message-Id: <8332C070-E7C8-4CF3-B5DF-2355D9FA20D1@FreeBSD.org> References: <630314dc-e14f-02e7-aa48-4456b0feeef9@protected-networks.net> To: Michael Butler X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2016 15:30:10 -0000 --Apple-Mail=_E224AE77-2ABC-47E2-B1AC-99EF64BEBC1D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 13 Dec 2016, at 16:24, Michael Butler = wrote: >=20 > Any hints as to why all of my -current equipment is complaining like = below. Somebody is most likely port scanning your machines. I see this all the time on boxes connected to the internet. > Is there a sysctl to moderate/turn this off? >=20 > Dec 13 10:00:01 archive kernel: Limiting icmp unreach response from 1 = to 200 packets/sec > Dec 13 10:00:21 archive last message repeated 13 times > Dec 13 10:02:21 archive last message repeated 18 times > Dec 13 10:06:21 archive last message repeated 36 times > Dec 13 10:07:11 archive kernel: Limiting icmp ping response from 1 to = 200 packets/sec > Dec 13 10:07:55 archive kernel: Limiting icmp unreach response from 1 = to 200 packets/sec > Dec 13 10:08:21 archive last message repeated 17 times > Dec 13 10:08:37 archive kernel: Limiting closed port RST response from = 4 to 200 packets/sec > Dec 13 10:09:55 archive kernel: Limiting icmp unreach response from 1 = to 200 packets/sec > Dec 13 10:10:21 archive last message repeated 17 times > Dec 13 10:12:21 archive last message repeated 18 times > Dec 13 10:12:28 archive kernel: Limiting icmp ping response from 1 to = 200 packets/sec > Dec 13 10:13:55 archive kernel: Limiting icmp unreach response from 1 = to 200 packets/sec > Dec 13 10:14:21 archive last message repeated 17 times > Dec 13 10:16:21 archive last message repeated 18 times sysctl net.inet.icmp.icmplim_output=3D0, or increase the ICMP limit, if you want to help the port scanners. :-) -Dimitry --Apple-Mail=_E224AE77-2ABC-47E2-B1AC-99EF64BEBC1D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.30 iEYEARECAAYFAlhQE/wACgkQsF6jCi4glqOllACgjjwjCexO6fRJHIB+/gpDmp1s jhwAnjGdOYULj4H2ulYB0rTf+CoOyTjh =Ik20 -----END PGP SIGNATURE----- --Apple-Mail=_E224AE77-2ABC-47E2-B1AC-99EF64BEBC1D--