From owner-freebsd-hackers Wed May 10 13:36:40 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from jestocost.cosc.morrisville.edu (jestocoast.cosc.morrisville.edu [136.204.176.67])
	by hub.freebsd.org (Postfix) with ESMTP id 6D1C437B91F
	for ; Wed, 10 May 2000 13:36:18 -0700 (PDT)
	(envelope-from mrbond@jestocost.cosc.morrisville.edu)
Received: (from root@localhost)
	by jestocost.cosc.morrisville.edu (8.9.3/8.9.3) id QAA11129
	for freeBSD-hackers@freebsd.org; Wed, 10 May 2000 16:32:08 -0400 (EDT)
	(envelope-from mrbond)
Date: Wed, 10 May 2000 16:32:08 -0400 (EDT)
From: James Bond
Message-Id: <200005102032.QAA11129@jestocost.cosc.morrisville.edu>
To: freeBSD-hackers@freebsd.org
Subject: icmp-response error
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello hackers.

I am getting an error message on my box's console that I don't know why I am getting. The log file shows:

May 9 23:28:35 djoan /kernel: icmp-response bandwith limit 564/100 pps
May 9 23:28:36 djoan /kernel: icmp-response bandwith limit 1277/100 pps
May 9 23:28:37 djoan /kernel: icmp-response bandwith limit 1985/100 pps

The console shows more of the same message but they didn't end up in the log. Is this a result of some type of attack? If it is, how can I set up my box to get more information like what IP it is coming from?

The only other thing that I can see that I don't understand is two connections in my netstat that I don't know why they are there:

Active Internet connections
Proto Recv-Q Send-Q  Local Address      Foreign Address        (state)
tcp        0      0  djoan.telnet       136.204.177.9.1847     ESTABLISHED
tcp        0     40  djoan.ssh          jestocost.1950         ESTABLISHED
tcp        0      0  djoan.1180         irc.Stanford.EDU.6667  ESTABLISHED
tcp        0      0  djoan.telnet       136.204.176.156.1030   ESTABLISHED
tcp        0      0  djoan.1144         irc-w1.concentri.6667  ESTABLISHED
udp        0      0  djoan.1171         snymoraa.morrisv.doma
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c4c07f40 stream      0      0 c4bfa280        0        0        0 /var/run/printer
c4c07ec0 dgram       0      0        0 c4bfdfc0        0 c4c07e40
c4c07e40 dgram       0      0        0 c4bfdfc0        0 c4c07f00
c4c07f00 dgram       0      0        0 c4bfdfc0        0 c4c07f80
c4c07f80 dgram       0      0        0 c4bfdfc0        0 c4c07fc0
c4c07fc0 dgram       0      0        0 c4bfdfc0        0        0
c4bfdfc0 dgram    4068      0 c4bfcbc0        0 c4c07ec0        0 /var/run/log

I don't know why the two irc servers are connected, or what the ports are for. None of my other boxes show anything unusual. When it comes to IP I am still learning how to protect myself. Any information will be appreciated, as well as pointers to web pages or man pages of course.

Thank you for any help.

James.