From owner-freebsd-questions Wed Feb 9 11: 3: 7 2000 Delivered-To: freebsd-questions@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by builder.freebsd.org (Postfix) with ESMTP id 21171419E for ; Wed, 9 Feb 2000 11:03:00 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.9.3/8.9.3) id LAA07034; Wed, 9 Feb 2000 11:29:23 -0800 (PST) Date: Wed, 9 Feb 2000 11:29:23 -0800 From: Alfred Perlstein To: John Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ICMP_BANDLIM Message-ID: <20000209112923.Y17536@fw.wintelcom.net> References: <4.1.20000209133845.0094c1c0@mail.udel.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <4.1.20000209133845.0094c1c0@mail.udel.edu>; from papalia@udel.edu on Wed, Feb 09, 2000 at 01:40:20PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * John [000209 11:10] wrote: > Hey all... > > With all the attacks going on on yahoo, ebay, etrade, etc, it reminded of a > question I had a while back but forgot to ask... > > What exactly does the "ICMP_BANDLIM" kernel option do to provide > 'protection'? Not much in the LINT file on it, and I can't search, so I > thought I'd ask :) It restricts the amount of responces you will send in responce to bad packets. If someone is sending you 100mbit of grabage down your pipe, you don't want to overload the system and connection by forcing it to respond to each and every packet. -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message