From owner-freebsd-security Fri Nov 23 12:16:41 2001 Delivered-To: freebsd-security@freebsd.org Received: from rly-ip01.mx.aol.com (rly-ip01.mx.aol.com [205.188.156.49]) by hub.freebsd.org (Postfix) with ESMTP id 7E2BD37B405 for ; Fri, 23 Nov 2001 12:16:24 -0800 (PST) Received: from logs-wc.proxy.aol.com (logs-wc.proxy.aol.com [205.188.193.5]) by rly-ip01.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id PAA22539 for ; Fri, 23 Nov 2001 15:16:03 -0500 (EST) Received: from blah (AC8B2D93.ipt.aol.com [172.139.45.147]) by logs-wc.proxy.aol.com (8.10.0/8.10.0) with SMTP id fANKB6Z320888 for ; Fri, 23 Nov 2001 15:11:07 -0500 (EST) Message-Id: <200111232011.fANKB6Z320888@logs-wc.proxy.aol.com> Date: Fri, 23 Nov 2001 20:27:22 +0100 To: security@freebsd.org From: eberkut Subject: Re: What's this? Organization: CNS / Minithins X-Mailer: Opera 5.11 build 904b X-Priority: 3 (Normal) Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Apparently-From: SinkSuffering@aol.com Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 23/11/01 20:04:02, "Fernando Germano" a écrit: >I've found many of these, are these the result of a portscan or something >like that???, how do you read this line??? > >Nov 23 11:11:50 server /kernel: icmp-response bandwidth limit 187/100 pps >Nov 23 11:11:51 server /kernel: icmp-response bandwidth limit 264/100 pps Your kernel tells you that there is something provoking him to send more responses that he should according to the sysctl limits at net.inet.icmp.icmplim. 187/264 is the number of packets that the kernel would have sent if there was'nt the limit, 100 is the limit and pps means packet par second. This message could result of a portscan or a DoS (or a too small limit considering the traffic). see net.inet.icmp.icmplim to modify the limit and set net.inet.icmp.icmplim_output=0 to turn off the error messages. --eberkut ex diffinientium cognitione diffiniti resultat cognitio . Prelude : http://prelude.sf.net . CNS : http://minithins.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message