From owner-freebsd-security Thu Jan 27 7:42:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 9F0AE15603 for ; Thu, 27 Jan 2000 07:42:51 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id IAA05776; Thu, 27 Jan 2000 08:42:47 -0700 (MST) Message-Id: <4.2.2.20000127083643.03d86560@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 27 Jan 2000 08:40:12 -0700 To: Matthew Dillon From: Brett Glass Subject: Re: Riddle me this Cc: security@FreeBSD.ORG In-Reply-To: <200001270425.UAA18744@apollo.backplane.com> References: <200001270355.UAA01355@lariat.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:25 PM 1/26/2000 , Matthew Dillon wrote: > Well, certainly the 'failed to write packet back' has nothing to do > with the icmp bandwidth limiting -- the bandwidth limiting drops packets, > the sender would not see an error. Also, the bandwidth limiting only > drops kernel-generated icmp response packets for certain specific cases > unrelated to NAT. That's what I figured. The question, though, is what sort of attack or condition WOULD have caused the error. The machines behind this one are relatively safe because they're not addressable thanks to NAT. > What likely occured in the Jan 24 logs was some sort of continuous > problem for the time range indicated (19:18:59 -> 19:20:15), but only > exceeding the 100 pps threshold at a couple of points during that > period. Could be. I figure that the "continuous problem" was likely to have been an attack. The upstream link was down for several hours that week, and in fact the *backbone provider* was experiencing outages. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message