From owner-freebsd-security  Thu Nov  2  9: 6:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id 49AEE37B479
	for <security@FreeBSD.ORG>; Thu,  2 Nov 2000 09:06:49 -0800 (PST)
Received: (qmail 32084 invoked by uid 1000); 2 Nov 2000 17:06:48 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 2 Nov 2000 17:06:48 -0000
Date: Thu, 2 Nov 2000 11:06:48 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: James Lim <jameslpin@pacific.net.sg>,
	Moritz Hardt <mhardt@morix.de>,
	Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>,
	security@FreeBSD.ORG
Subject: Re: Console Message
In-Reply-To: <xzpofzymvyc.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.0011021105130.32075-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On 2 Nov 2000, Dag-Erling Smorgrav wrote:

> Mike Silbersack <silby@silby.com> writes:
> > There's little reason to raise the limit.  Most likely he was seeing the
> > rate limiting of RST packets caused by an nmap of his box.  If he raises
> > the limit, nmap will just scan faster next time.
> 
> No. RST are TCP packets, not ICMP packets, and they're not rate-
> limited. These were either echo replies (ping flood) or Aunreachables
> (port scan).
> 
> DES

Actually, RST and icmp unreachables are rate limited, icmp echo
(requests) are not.  I got bored and started on a patch which also limits
echos and tells exactly what it's limiting, should be done tomorrow.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message