From owner-freebsd-security  Thu May 31 14:26:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 2842737B42C
	for <freebsd-security@FreeBSD.ORG>; Thu, 31 May 2001 14:26:27 -0700 (PDT)
	(envelope-from cory.vokey@messagingdirect.com)
Received: from elbrus (elbrus.esys.ca [198.161.92.83])
	by rembrandt.esys.ca (8.11.0.Beta0/8.11.0.Beta0) with SMTP id f4VLQ9S12835;
	Thu, 31 May 2001 15:26:09 -0600
Message-ID: <007701c0ea18$811278c0$535ca1c6@elbrus>
From: "Cory Vokey" <cory.vokey@messagingdirect.com>
To: "Mike Silbersack" <silby@silby.com>,
	"Liran Dahan" <lirandb@netvision.net.il>
Cc: <freebsd-security@FreeBSD.ORG>
References: <20010531162124.B74220-100000@achilles.silby.com>
Subject: Re: ICMP Killed me and my machine
Date: Thu, 31 May 2001 15:27:33 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Using tcpdump, find the source I.P address of who's
hitting you and set up a rule using ipfw to block it.

Cory Vokey.


----- Original Message -----
From: "Mike Silbersack" <silby@silby.com>
To: "Liran Dahan" <lirandb@netvision.net.il>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 31, 2001 3:22 PM
Subject: Re: ICMP Killed me and my machine


>
> On Fri, 1 Jun 2001, Liran Dahan wrote:
>
> > My machines are being attacked over hours and those are the only
messages i found:
> > Jun  1 00:07:30 freebsd /kernel: Limiting icmp unreach response from 710
to 20 packets per second
> > Jun  1 00:05:49 freebsd /kernel: Limiting icmp unreach response from
1092 to 20 packets per second
> > i tonoz of messages like that...
> >
> > I Had Orange light ON - TRAF on my hub
> > But i was down including all my machines..
> >
> > -Liran Dahan- (lirandb@netvision.net.il)
>
> Someone's definitely flooding you.  You're going to have to use tcpdump,
> see if you can figure out what's hitting you, and have someone upstream
> filter it.  There's probably nothing more you can do on the machines
> themselves.
>
> Mike "Silby" Silbersack
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message