Date:      Wed, 9 Feb 2000 11:45:58 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        John <papalia@udel.edu>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ICMP_BANDLIM
Message-ID:  <20000209114558.B17536@fw.wintelcom.net>
In-Reply-To: <4.1.20000209140745.009d5810@mail.udel.edu>; from papalia@udel.edu on Wed, Feb 09, 2000 at 02:10:55PM -0500
References:  <4.1.20000209133845.0094c1c0@mail.udel.edu> <4.1.20000209133845.0094c1c0@mail.udel.edu> <20000209112923.Y17536@fw.wintelcom.net> <4.1.20000209140745.009d5810@mail.udel.edu>

* John <papalia@udel.edu> [000209 11:40] wrote:
> >> Hey all...
> >> 
> >> With all the attacks going on on yahoo, ebay, etrade, etc, it reminded me of a
> >> question I had a while back but forgot to ask...
> >> 
> >> What exactly does the "ICMP_BANDLIM" kernel option do to provide
> >> 'protection'?  Not much in the LINT file on it, and I can't search, so I
> >> thought I'd ask :)
> >
> >It restricts the amount of responses you will send in response to bad
> >packets.
> >
> >If someone is sending you 100mbit of garbage down your pipe, you don't
> >want to overload the system and connection by forcing it to respond
> >to each and every packet.
> 
> So, in other words, it's pretty much a choke you put on your response (ex:
> answer only 1 in every 1,000 ping requests you get from a particular IP ?).

more like X per second, you'll only respond to the first 100/200/whatever
packets you get in a second, see:

~ % sysctl -a | grep icmp
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200          <------ here
net.inet.icmp.drop_redirect: 0
net.inet.icmp.log_redirect: 0
net.inet.icmp.bmcastecho: 0

>  If so, are there dynamic settings to it? Or is it just a single kernel option
> with no settings?  And I'm also assuming that ICMP_BANDLIM is also a
> stopper for ALL network traffic (overload), not just particular items?

You can use sysctl to twiddle the limit.

You can also try a patch I have for 3.x which is Warner's work backported
from 4.0, I'd like to know if this 'helps' at all:

http://www.freebsd.org/~alfred/releng3_tcp_fix.diff

-Alfred
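
A simplified model of the per-second response limit described in this message, added here as an example; it is not FreeBSD kernel code and not code from the thread. The struct and function names are hypothetical, and it assumes a single global counter that resets each whole second.

```c
#include <stdio.h>

/* Hypothetical fixed-window limiter modelling "respond only to the
 * first N packets you get in a second". Not FreeBSD's implementation. */
struct resp_limiter {
    long     window_start; /* second in which the current window began */
    unsigned sent;         /* responses already sent in this window */
    unsigned limit;        /* max responses per second (cf. net.inet.icmp.icmplim) */
};

/* Returns 1 if a response may be sent at time `now` (whole seconds),
 * 0 if it must be suppressed because the window's budget is used up. */
static int limiter_allow(struct resp_limiter *rl, long now)
{
    if (now != rl->window_start) { /* a new second: start a fresh budget */
        rl->window_start = now;
        rl->sent = 0;
    }
    if (rl->sent < rl->limit) {
        rl->sent++;
        return 1;
    }
    return 0;
}

/* Feed `pps` bad packets per second for `seconds` seconds and return
 * how many responses the host would actually send. */
static unsigned long simulate_flood(unsigned limit, unsigned pps, unsigned seconds)
{
    struct resp_limiter rl = { -1, 0, limit };
    unsigned long responses = 0;

    for (long t = 0; t < (long)seconds; t++)
        for (unsigned i = 0; i < pps; i++)
            responses += (unsigned long)limiter_allow(&rl, t);
    return responses;
}

int main(void)
{
    /* Constructed input: 100000 bad packets/s for 3 s against a limit of 200/s. */
    printf("flood: %lu responses\n", simulate_flood(200, 100000, 3));
    /* Constructed input: traffic below the limit is answered in full. */
    printf("light: %lu responses\n", simulate_flood(200, 50, 3));
    return 0;
}
```

The outbound response rate is bounded by the limit regardless of how much garbage arrives, while traffic under the limit is unaffected.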

