Date: Thu, 31 May 2001 15:27:33 -0600 From: "Cory Vokey" <cory.vokey@messagingdirect.com> To: "Mike Silbersack" <silby@silby.com>, "Liran Dahan" <lirandb@netvision.net.il> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: ICMP Killed me and my machine Message-ID: <007701c0ea18$811278c0$535ca1c6@elbrus> References: <20010531162124.B74220-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Using tcpdump, find the source I.P address of who's hitting you and set up a rule using ipfw to block it. Cory Vokey. ----- Original Message ----- From: "Mike Silbersack" <silby@silby.com> To: "Liran Dahan" <lirandb@netvision.net.il> Cc: <freebsd-security@FreeBSD.ORG> Sent: Thursday, May 31, 2001 3:22 PM Subject: Re: ICMP Killed me and my machine > > On Fri, 1 Jun 2001, Liran Dahan wrote: > > > My machines are being attacked over hours and those are the only messages i found: > > Jun 1 00:07:30 freebsd /kernel: Limiting icmp unreach response from 710 to 20 packets per second > > Jun 1 00:05:49 freebsd /kernel: Limiting icmp unreach response from 1092 to 20 packets per second > > i tonoz of messages like that... > > > > I Had Orange light ON - TRAF on my hub > > But i was down including all my machines.. > > > > -Liran Dahan- (lirandb@netvision.net.il) > > Someone's definitely flooding you. You're going to have to use tcpdump, > see if you can figure out what's hitting you, and have someone upstream > filter it. There's probably nothing more you can do on the machines > themselves. > > Mike "Silby" Silbersack > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007701c0ea18$811278c0$535ca1c6>