From owner-freebsd-security Thu May 31 14:21: 3 2001 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id A6B4137B43C for ; Thu, 31 May 2001 14:20:54 -0700 (PDT) (envelope-from roman@xpert.com) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.13 #1) id 155Zsg-000814-00 for freebsd-security@freebsd.org; Fri, 01 Jun 2001 00:21:22 +0300 Date: Fri, 1 Jun 2001 00:20:42 +0300 (IDT) From: Roman Shterenzon To: Liran Dahan Subject: Re: ICMP Killed me and my machine In-Reply-To: <001601c0ea1f$19c069a0$b88f39d5@a> Message-ID: Organization: Xpert UNIX Systems Ltd. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I believe that you've been smurfed with fake src addresses. Or, your routing table is not right. The only way to find out the truth is to run tcpdump(1) or other sniffer. Take care. On Fri, 1 Jun 2001, Liran Dahan wrote: > My machines are being attacked over hours and those are the only messages i found: > Jun 1 00:07:30 freebsd /kernel: Limiting icmp unreach response from 710 to 20 packets per second > Jun 1 00:05:49 freebsd /kernel: Limiting icmp unreach response from 1092 to 20 packets per second > i tonoz of messages like that... > > I Had Orange light ON - TRAF on my hub > But i was down including all my machines.. > > -Liran Dahan- (lirandb@netvision.net.il) > --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message