Date: Fri, 23 Nov 2001 20:27:22 +0100 From: eberkut <eberkut@minithins.net> To: security@freebsd.org Subject: Re: What's this? Message-ID: <200111232011.fANKB6Z320888@logs-wc.proxy.aol.com>
next in thread | raw e-mail | index | archive | help
23/11/01 20:04:02, "Fernando Germano" <fgermano@audiotel.com.ar> a écrit: >I've found many of these, are these the result of a portscan or something >like that???, how do you read this line??? > >Nov 23 11:11:50 server /kernel: icmp-response bandwidth limit 187/100 pps >Nov 23 11:11:51 server /kernel: icmp-response bandwidth limit 264/100 pps Your kernel tells you that there is something provoking him to send more responses that he should according to the sysctl limits at net.inet.icmp.icmplim. 187/264 is the number of packets that the kernel would have sent if there was'nt the limit, 100 is the limit and pps means packet par second. This message could result of a portscan or a DoS (or a too small limit considering the traffic). see net.inet.icmp.icmplim to modify the limit and set net.inet.icmp.icmplim_output=0 to turn off the error messages. --eberkut ex diffinientium cognitione diffiniti resultat cognitio . Prelude : http://prelude.sf.net . CNS : http://minithins.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111232011.fANKB6Z320888>