FreeBSD Mail Archives

Date:      Mon, 28 Aug 2000 13:31:06 -0400
From:      "Shane Hale" <shale@bricsnet.com>
To:        <freebsd-security@freebsd.org>
Message-ID:  <CCEDJBBFHBFABONEPKICOECHCDAA.shale@bricsnet.com>

index | next in thread | raw e-mail


[-- Attachment #1 --]

Hello

I have a machine that's getting attacked regularly.

(Yes i know my clock is wrong... 1886809 seconds fast to be exact)

Sep 19 00:17:54 shell /kernel: icmp-response bandwidth limit 3491/200 pps
Sep 19 00:17:55 shell /kernel: icmp-response bandwidth limit 3499/200 pps
Sep 19 00:17:56 shell /kernel: icmp-response bandwidth limit 3505/200 pps
Sep 19 00:17:57 shell /kernel: icmp-response bandwidth limit 3503/200 pps
Sep 19 00:17:58 shell /kernel: icmp-response bandwidth limit 3505/200 pps
Sep 19 00:17:59 shell /kernel: icmp-response bandwidth limit 3502/200 pps
Sep 19 00:18:00 shell /kernel: icmp-response bandwidth limit 3488/200 pps
Sep 19 00:18:01 shell /kernel: icmp-response bandwidth limit 3491/200 pps
Sep 19 00:18:02 shell /kernel: icmp-response bandwidth limit 3494/200 pps
Sep 19 00:18:03 shell /kernel: icmp-response bandwidth limit 3491/200 pps
Sep 19 00:18:04 shell /kernel: icmp-response bandwidth limit 3497/200 pps
Sep 19 00:18:05 shell /kernel: icmp-response bandwidth limit 3501/200 pps
Sep 19 00:18:06 shell /kernel: icmp-response bandwidth limit 3504/200 pps
Sep 19 00:18:07 shell /kernel: icmp-response bandwidth limit 3485/200 pps
Sep 19 00:18:27 shell /kernel: icmp-response bandwidth limit 1599/200 pps

(This went on for about 15 minutes, and caused my network to be slow as
molasses and a traceroute from home stopped at the router that routes my
C-Class)

I have ICMP bandwith limiting on the machine being attacked, but...

- how can i trace who's attacking me
- what exactly are they trying to do
- how does ICMP_BANDWITH Limiting work

If there is anyone who can help me, i'd appreciate it.


Shane Hale
Systems Administration
Bricsnet, Inc
Suite 601, 2300 Yonge Street, Box 2361 / Toronto, Ontario / M4P 1E4 / Canada
Phone: +1(416)489-9000 ext. 304 Fax: +1(416)489-3201
Email: shale@bricsnet.com Web: http://www.bricsnet.com

__________________________________________
Bricsnet Inc.
Bricsnet.com is the leading e-marketplace for the global building industry


[-- Attachment #2 --]
x�>"�����IPM.Microsoft Mail.Note1
���
(�0!#&)6q���r��X,E���?}��wSMTP:SHALE@BRICSNET.COM@�A��
; ����"C�Jp�/LH	nj�	LZFu�Ť
rcpg1252�`n033O���ch
�s�et0 �Po���P�u}
�ȴ ;	o0�
�v��wk�d4`cP��
�
�Hel	dc1 I A�ve a �hK��t�t' gu0t�g�@�k%	� `gu`rl$y.(Y�i kno�my co	�� w` .! 188680<9  �  faBs@to b�e�x�t)`p!@!�00:17:5�4!�h� /����:�cmp-`�sp  "�pd�Rd` lpi@30491/�Pppw�#�$�5%&/'=9;(?$Y6*+';50v5-/$Y7.�013�2$Y83�4�17$ho!�8�:;2;�$V8�:A=�>�'K!`@�A��0B�C�'OE�B2G��H�I�4J�A�3L�M��I�O�B%R�S�7T��A�)�W:�T�A�.�\o�:�O�A�3�a_D�;�A��2e?fOS�1=�-��T �	�@ "@��`l���o��,��   au � �0tw� p"�s	��"`��"`  p���tr��o��R�`prq"�h���Q�tS�bv4r� C-Cs2#[UICM�PlS�oAv�"лp�bo�!-t���q��t �u��T�}v~�u�#P��`u� ty"�>d}Ԃ��yR_BANDWITH �LzFq�x+fu�q ��py ~�~#jQ$@��p�i's�h�`c0�t�T0v��UP��1H@��"p�em�dpAt� dBcsq�p�lIn�<�uT0�6�G�p�23h�Y ���St	���Box��b60/ T�!o=p�O0
�����M4Yy�1EV`��CpatdadPu0k+@1(416)E�9�-9$�P#|�TPVQ�Fax��3��
�>E�kj@��@bߎ1�!��"q�.�t�(Webkh@p:�//w��.��b���_���ϞE�̎�u�&�� �v����e�-�r0Q~�orv�g	g  |��S_q0���Ua��� �F�.� �FR�}n;� �F�=� �F�>� �F�?� �F�g� �FT�9.0h� �F�i� �F��� �F���; ����"C�Jp�/LH�; ����"C�Jp�/LH��8�����+*V�PSTPRX.DLLNITA����7�nC:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst�
4�72<CCEDJBBFHBFABONEPKICOECHCDAA.shale@bricsnet.com>!r�ieHELLOIHAVEAMACHINETHATSGETTINGATTACKEDREGULARLY(YESIKNOWMYCLOCKISWRONG1886809SECONDSFASTTOBEEXACT)SE7

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CCEDJBBFHBFABONEPKICOECHCDAA.shale>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation