From owner-freebsd-questions Fri May 3 21: 7:32 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail.mango-bay.com (mail.mango-bay.com [208.206.15.12]) by hub.freebsd.org (Postfix) with ESMTP id 9775F37B417 for ; Fri, 3 May 2002 21:07:29 -0700 (PDT) Received: from barbish ([63.70.155.70]) by mail.mango-bay.com (Post.Office MTA v3.5.3 release 223 ID# 0-52377U2500L250S0V35) with SMTP id com for ; Sat, 4 May 2002 00:07:27 -0400 From: "Joe & Fhe Barbish" To: "FBSDQ" Subject: RE: Ping of death? Date: Sat, 4 May 2002 00:07:26 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20020504025925.GB5805@icarus.slightlystrange.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I believe this is a bug in 4.4 that gets fixed in 4.5. In the last 2-3 weeks this was discussed on the questions list. Check the archives for details. -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Daniel Bye Sent: Friday, May 03, 2002 10:59 PM To: freebsd-questions@FreeBSD.ORG Subject: Re: Ping of death? On Fri, May 03, 2002 at 05:58:20PM -0500, Steven Lake wrote: > I've got one box that's got absolutely horrible access speed to > the net but it's on a T1 line and no other machine is sharing the line. > Telco has tested the line and sees nothing wrong but were unable to do a > bandwidth or data test to see if it's just traffic or not. > > The line should be pushing the full 1.544mbps, but I'm barely able > to scrape 30k out of it. Any machine that connects to it goes through the > roof on the processor useage and dogs out. So I'm suspect of a possible > ping of death, but I wanted to rule out the local equipment first. But > since anything connecting to it to test this is gagged it's impossible to > do any tests. > > Does anyone have a way to monitor incoming traffic to find out if > you're being hit with a dos attack or should I ring telco again and have > them do a test on the T1 line to find the source? Check out iplog in /usr/ports/net. tcpdump *may* be useful too. Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message