Date: Sat, 15 Dec 2001 10:24:01 +0100
From: Zahemszky Gábor
To: freebsd-security@freebsd.org
Subject: Re: Rate-limiting OPEN port RST response?
Message-ID: <20011215102401.A338@Picasso.Zahemszky.HU>
References: <20011215001404.A55184@ldc.ro>
In-Reply-To: <20011215001404.A55184@ldc.ro>; from razor@ldc.ro on Sat, Dec 15, 2001 at 12:14:04AM +0200

On Sat, Dec 15, 2001 at 12:14:04AM +0200, Alex Popa wrote:
> Is there such a limitation active by default? I am seeing the following
> message:
> Limiting open port RST response from 337 to 200 packets per second
> on my home machine, connected through a 14k modem to the net. I also
> have net.inet.{tcp,udp}.log_in_vain enabled, and have seen no messages
> from these facilities.

Yes, the not-so-logically-named:

    net.inet.icmp.icmplim

sysctl limits this, too (and not only ICMP responses). And yes, its
default value is 200 :-)

ZGabor < Gabor at Zahemszky dot HU >
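Added example, not part of the original message: a small sh/awk summary of the kernel's "Limiting ... response from N to M packets per second" lines, so you can see which response type is hitting the net.inet.icmp.icmplim ceiling and how many replies were held back. The log lines are constructed samples (host name, timestamps and the sshd line are made up; the "closed port RST" type is assumed to use the same wording as the open-port message quoted above), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /var/log/messages content (not from a real host).
sample_log() {
cat <<'EOF'
Dec 15 00:10:01 home /kernel: Limiting open port RST response from 337 to 200 packets per second
Dec 15 00:10:02 home /kernel: Limiting open port RST response from 251 to 200 packets per second
Dec 15 00:10:05 home sshd[211]: Accepted password for alex from 192.0.2.10 port 1022
Dec 15 00:11:40 home /kernel: Limiting closed port RST response from 420 to 200 packets per second
EOF
}

# Read syslog lines on stdin and print one line per response type:
#   type|events|peak attempted pps|limit|responses suppressed
# "suppressed" is the sum of (attempted - limit) over all matching lines.
bandlim_summary() {
    awk '
    /Limiting .* response from [0-9]+ to [0-9]+ packets per second/ {
        s = $0
        sub(/^.*Limiting /, "", s)                 # drop syslog prefix
        type = s; sub(/ response from .*$/, "", type)
        rest = s; sub(/^.* response from /, "", rest)
        split(rest, f, " ")                        # f[1]=attempted f[3]=limit
        n[type]++
        if (f[1] + 0 > peak[type]) peak[type] = f[1] + 0
        limit[type] = f[3] + 0
        dropped[type] += f[1] - f[3]
    }
    END {
        for (t in n)
            printf "%s|%d|%d|%d|%d\n", t, n[t], peak[t], limit[t], dropped[t]
    }' | sort
}

# Stand-alone run on the constructed sample; on a real system feed it
# /var/log/messages instead and compare the limit column with the output of
# "sysctl net.inet.icmp.icmplim".
sample_log | bandlim_summary
```
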