From owner-freebsd-questions Wed Feb 9 13:51:59 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from wondermutt.net (host75-157.student.udel.edu [128.175.75.157]) by builder.freebsd.org (Postfix) with ESMTP id E27964196 for ; Wed, 9 Feb 2000 13:51:48 -0800 (PST)
Received: from morgaine (morgaine.wondermutt.net [192.168.1.2]) by wondermutt.net (8.9.3/8.9.3) with SMTP id QAA88798; Wed, 9 Feb 2000 16:54:09 -0500 (EST) (envelope-from papalia@udel.edu)
Message-Id: <4.1.20000209164521.0094f660@mail.udel.edu>
X-Sender: papalia@mail.udel.edu
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 09 Feb 2000 16:48:40 -0500
To: Alfred Perlstein
From: John
Subject: Re: ICMP_BANDLIM
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <20000209114558.B17536@fw.wintelcom.net>
References: <4.1.20000209140745.009d5810@mail.udel.edu> <4.1.20000209133845.0094c1c0@mail.udel.edu> <4.1.20000209133845.0094c1c0@mail.udel.edu> <20000209112923.Y17536@fw.wintelcom.net> <4.1.20000209140745.009d5810@mail.udel.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>> >> With all the attacks going on on yahoo, ebay, etrade, etc, it reminded
>> >> me of a question I had a while back but forgot to ask...
>> >>
>> >> What exactly does the "ICMP_BANDLIM" kernel option do to provide
>> >> 'protection'?  Not much in the LINT file on it, and I can't search, so I
>> >> thought I'd ask :)
>> >
>> >It restricts the amount of responses you will send in response to bad
>> >packets.
>> >
>> >If someone is sending you 100mbit of garbage down your pipe, you don't
>> >want to overload the system and connection by forcing it to respond
>> >to each and every packet.
>>
>> So, in other words, it's pretty much a choke you put on your response (ex:
>> answer only 1 in every 1,000 ping requests you get from a particular IP ?).
>
>more like X per second, you'll only respond to the first 100/200/whatever
>packets you get in a second, see:
>
>~ % sysctl -a | grep icmp
>net.inet.icmp.maskrepl: 0
>net.inet.icmp.icmplim: 200          <------ here
>net.inet.icmp.drop_redirect: 0
>net.inet.icmp.log_redirect: 0
>net.inet.icmp.bmcastecho: 0
>
>> If so, are there dynamic settings to it?  Or is it just a single kernel option
>> with no settings?  And I'm also assuming that ICMP_BANDLIM is also a
>> stopper for ALL network traffic (overload), not just particular items?
>
>You can use sysctl to twiddle the limit.

I guess this raises another question though - how do you tell what kind of
limit would be a "correct" setting for your particular server?  In other
words, how do I know what my equipment can handle adequately?  I'm also
working on the assumption that all packets beyond the X per second are
merely dropped?

>You can also try a patch I have for 3.x which is Warner's work backported
>from 4.0, I'd like to know if this 'helps' at all:
>
>http://www.freebsd.org/~alfred/releng3_tcp_fix.diff

I would like to try the patch, just to see if there's a difference.  I'm
actually not (yet) experiencing any problems - I just wanted to make sure I
fully understood everything that I had put into my kernel =)

Your .diff raises another question for me though - how would I go about
"manually" integrating that diff into my source tree?  And then, could I
just build that one file, or do you build the whole sys directory, or must
you rebuild the world?  This last item would cause another problem, which
I'll post in a separate posting.....

Thanks again for your help,

John

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
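The "X per second" behaviour Alfred describes (answer the first N bad packets in a second, stay silent for the rest) is easy to misread as the per-source "1 in 1,000" throttle John first guessed at. The model below is an added example written for this page; it is not FreeBSD's ip_icmp.c and not part of the thread. It keeps a single counter with a fixed one-second window and simply does not send responses once the budget is spent (nothing is queued); both the single counter and the window handling are simplifications assumed here, and the struct and function names are invented for the illustration. The limit of 200 is the icmplim value shown in Alfred's sysctl output.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example: a minimal model of a per-second response limiter in the
 * spirit of net.inet.icmp.icmplim. Illustrative code for this page only,
 * not FreeBSD's implementation; names and the fixed one-second window are
 * assumptions of the model.
 */
struct bandlim {
    uint32_t limit;    /* responses permitted per one-second window */
    uint32_t count;    /* responses already sent in the current window */
    uint32_t window;   /* wall-clock second the current window belongs to */
    uint64_t sent;     /* running total of responses allowed */
    uint64_t dropped;  /* running total of responses suppressed */
};

void bandlim_init(struct bandlim *b, uint32_t limit)
{
    b->limit = limit;
    b->count = 0;
    b->window = 0;
    b->sent = 0;
    b->dropped = 0;
}

/* Returns 1 if a response may be sent at wall-clock second now_sec, else 0.
 * The decision is global, not per source address: a flood from one host
 * uses up the budget for everyone. Suppressed responses are not queued. */
int bandlim_allow(struct bandlim *b, uint32_t now_sec)
{
    if (now_sec != b->window) {  /* a new second starts a fresh budget */
        b->window = now_sec;
        b->count = 0;
    }
    if (b->count < b->limit) {
        b->count++;
        b->sent++;
        return 1;
    }
    b->dropped++;
    return 0;
}

/* Drive a fresh limiter with a steady flood of pps bad packets per second
 * for `seconds` seconds; the limiter state is left in *b for inspection. */
static void bandlim_flood(struct bandlim *b, uint32_t limit,
                          uint32_t pps, uint32_t seconds)
{
    bandlim_init(b, limit);
    for (uint32_t t = 1; t <= seconds; t++)
        for (uint32_t i = 0; i < pps; i++)
            bandlim_allow(b, t);
}

/* Number of responses actually sent under the flood. */
uint64_t flood_sent(uint32_t limit, uint32_t pps, uint32_t seconds)
{
    struct bandlim b;
    bandlim_flood(&b, limit, pps, seconds);
    return b.sent;
}

/* Number of responses suppressed under the flood. */
uint64_t flood_dropped(uint32_t limit, uint32_t pps, uint32_t seconds)
{
    struct bandlim b;
    bandlim_flood(&b, limit, pps, seconds);
    return b.dropped;
}

int main(void)
{
    /* 1000 bad packets/s for 3 s against icmplim=200: 200 answered each
     * second, the remaining 800/s silently dropped. */
    printf("flood:  sent %llu, dropped %llu\n",
           (unsigned long long)flood_sent(200, 1000, 3),
           (unsigned long long)flood_dropped(200, 1000, 3));
    /* A polite 50/s sender never hits the limit. */
    printf("normal: sent %llu, dropped %llu\n",
           (unsigned long long)flood_sent(200, 50, 2),
           (unsigned long long)flood_dropped(200, 50, 2));
    return 0;
}
```

The point the model makes visible: the budget is a count per second shared by all senders, so under a flood the host still answers at most 200 times a second no matter how many packets arrive, and a legitimate peer whose probe lands after the budget is spent gets no reply either. That is the trade-off to keep in mind when picking a value with sysctl; the thread does not say how to size it for a given machine.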