From owner-freebsd-security  Thu Nov  2 10: 1:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id C823937B4CF
	for <security@FreeBSD.ORG>; Thu,  2 Nov 2000 10:01:56 -0800 (PST)
Received: (qmail 32202 invoked by uid 1000); 2 Nov 2000 18:01:55 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 2 Nov 2000 18:01:55 -0000
Date: Thu, 2 Nov 2000 12:01:55 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
Cc: security@FreeBSD.ORG
Subject: Re: Console Message II
In-Reply-To: <Pine.BSF.4.21.0011021222030.4623-100000@libertad.univalle.edu.co>
Message-ID: <Pine.BSF.4.21.0011021200320.32075-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 2 Nov 2000, Buliwyf McGraw wrote:

>  In this moment i am using ipf in the box which is showing de message:
>  "icmp-response bandwidth limit".
>  It doesnt happen all time, just some days for a few 
>  When the message appears, the "System Load" grows to 5 or more, until
>  the server crash!
>  My question is:
> 
>  If i put this line in my "ipf rules" file: 
>  block in proto icmp all
> 
>  What kind of problems could i get for this restriction???

That restriction won't help at all.  You're either being attacked in some
way, being used to attack someone, or being framed as attacking someone.

What you need to to is setup a sniffer and figure out what's going on.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message