From owner-freebsd-security Thu May 31 14:22:59 2001 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 1B27137B424 for ; Thu, 31 May 2001 14:22:57 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 74249 invoked by uid 1000); 31 May 2001 21:22:56 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 31 May 2001 21:22:56 -0000 Date: Thu, 31 May 2001 16:22:56 -0500 (CDT) From: Mike Silbersack To: Liran Dahan Cc: Subject: Re: ICMP Killed me and my machine In-Reply-To: <001601c0ea1f$19c069a0$b88f39d5@a> Message-ID: <20010531162124.B74220-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 1 Jun 2001, Liran Dahan wrote: > My machines are being attacked over hours and those are the only messages i found: > Jun 1 00:07:30 freebsd /kernel: Limiting icmp unreach response from 710 to 20 packets per second > Jun 1 00:05:49 freebsd /kernel: Limiting icmp unreach response from 1092 to 20 packets per second > i tonoz of messages like that... > > I Had Orange light ON - TRAF on my hub > But i was down including all my machines.. > > -Liran Dahan- (lirandb@netvision.net.il) Someone's definitely flooding you. You're going to have to use tcpdump, see if you can figure out what's hitting you, and have someone upstream filter it. There's probably nothing more you can do on the machines themselves. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message