Date: Mon, 28 Aug 2000 13:31:06 -0400 From: "Shane Hale" <shale@bricsnet.com> To: <freebsd-security@freebsd.org> Message-ID: <CCEDJBBFHBFABONEPKICOECHCDAA.shale@bricsnet.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0194_01C010F4.38654740 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hello I have a machine that's getting attacked regularly. (Yes i know my clock is wrong... 1886809 seconds fast to be exact) Sep 19 00:17:54 shell /kernel: icmp-response bandwidth limit 3491/200 pps Sep 19 00:17:55 shell /kernel: icmp-response bandwidth limit 3499/200 pps Sep 19 00:17:56 shell /kernel: icmp-response bandwidth limit 3505/200 pps Sep 19 00:17:57 shell /kernel: icmp-response bandwidth limit 3503/200 pps Sep 19 00:17:58 shell /kernel: icmp-response bandwidth limit 3505/200 pps Sep 19 00:17:59 shell /kernel: icmp-response bandwidth limit 3502/200 pps Sep 19 00:18:00 shell /kernel: icmp-response bandwidth limit 3488/200 pps Sep 19 00:18:01 shell /kernel: icmp-response bandwidth limit 3491/200 pps Sep 19 00:18:02 shell /kernel: icmp-response bandwidth limit 3494/200 pps Sep 19 00:18:03 shell /kernel: icmp-response bandwidth limit 3491/200 pps Sep 19 00:18:04 shell /kernel: icmp-response bandwidth limit 3497/200 pps Sep 19 00:18:05 shell /kernel: icmp-response bandwidth limit 3501/200 pps Sep 19 00:18:06 shell /kernel: icmp-response bandwidth limit 3504/200 pps Sep 19 00:18:07 shell /kernel: icmp-response bandwidth limit 3485/200 pps Sep 19 00:18:27 shell /kernel: icmp-response bandwidth limit 1599/200 pps (This went on for about 15 minutes, and caused my network to be slow as molasses and a traceroute from home stopped at the router that routes my C-Class) I have ICMP bandwith limiting on the machine being attacked, but... - how can i trace who's attacking me - what exactly are they trying to do - how does ICMP_BANDWITH Limiting work If there is anyone who can help me, i'd appreciate it. Shane Hale Systems Administration Bricsnet, Inc Suite 601, 2300 Yonge Street, Box 2361 / Toronto, Ontario / M4P 1E4 / Canada Phone: +1(416)489-9000 ext. 304 Fax: +1(416)489-3201 Email: shale@bricsnet.com Web: http://www.bricsnet.com __________________________________________ Bricsnet Inc. Bricsnet.com is the leading e-marketplace for the global building industry ------=_NextPart_000_0194_01C010F4.38654740 Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" eJ8+IgYRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANAHCAAcAA0AHwAAAAEAKAEB A5AGADAIAAAhAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADADYAAAAAAAIBcQAB AAAAFgAAAAHAERW+559ytpRYLEW5rqg/fRqq6XcAAAIBHQwBAAAAGAAAAFNNVFA6U0hBTEVAQlJJ Q1NORVQuQ09NAAsAAQ4AAAAAQAAGDgCiQbsVEcABAgEKDgEAAAAYAAAAAAAAADsgoPu2yiJDkRVK cL4vTEjCgAAACwAfDgEAAAACAQkQAQAAAG4EAABqBAAAnAkAAExaRnX+f8WkAwAKAHJjcGcxMjUW MgD4C2BuDhAwMzNPAfcCpAPjAgBjaArAc/BldDAgBxMCgwBQEG/fBesCgw5QA9URdX0KgAjItCA7 CW8wAoAKgXYIkKR3awuAZDQMYGMAUI8LAwu2CrEKgEhlbAkACxlkGhVjEgIxIEkgQRDwdmUgYSAA wWhLC4AboHQQ8HQnBCBndREwdAuAZxuwAkAA0GslCYAgFmBndQtgcmwkeS4aGihZB5FpIAhrbm8H 4G15IGNvCQAdkB+ABCB3A2APIC4BIRAgMTg4NjgwPDkgESAFoBggBCBmYUJzBUB0byBiG6BlsngA 0HQpGhoGYHAhQAEhsDAwOjE3OjXKNCHAaBnRIC8doASghRnQOh+AY21wLRZgvHNwAiARICLAAHBk A/BSZBxgIGwHcGkFQDMwNDkxLwHQEVBwcHcQsCPfJOA1JR8mLyc9OTsoPyRZNioPKx8nOzUwdjUt LyRZNy7/MA8xHTP7Mh8kWTgz7zT/MR83HyRobyGxOP86DzsbMjv/JFY4/jpBAT3fPu8nSyFgQO9B +b8bMELPQ98nT0X/QhcyR6/bSL9JzTRKz0H5M0yfTa+/Sc9Pz0IIJQ9Sj1OeN1Sv/0H5Kf9Xfzru VJ9B6i7vXG//Ou5Pr0HqM99hX0TOO+9B6e4yZT9mT1ObMT2gLR0e5f5UHBAgoQnwBUACICJABbF/ AaAIYGzyG9ALgG/gB5As5xuwGCAgIGF1ESAdwCABuRwwdHcFsCBwIqRzCQD/B+AiYBvQBvAiYBEg BCBw0vkbwHRyANAEkG/RG6ADUv8bYANwcnEioGiwHbEcgBxRfxugdFMFwBxidjRy8SAQQxwtQ3My I1sbVUlDTf5QbAVT1h0Sb0F2AhvmItC7HRpwsGJv4CERGhotdPH/B+BxEAOgH5B0AyCwdQAcof8d VB0SB4B9dn7wddEjAx5Q3xuwFmB18iAQdAB5HRIioT5kGgV91IKQB5F5Ul9CAEFORFdJVEgg7kx6 RnHieCtmdfKBcSCR/QBweQIgftN+I2pRJEAHgLlwsGknc8FosBZgYwcw/3SBVDAedhrgAtEZVRoV FFD3BgAQ8BwxSAdAgAUGsCJw9GVtFNFkcEEEAHQBHQDLAiAZZEIFEGNzcbFwsGxJbgDgPIR1VDAb oDbTR4BwsDIzaIFZIOEboI5TdAAJ4I6RQm94j/FiNhswLyBUBbACIW89cLBPAjAKwI2QkbFNNFl5 gDFFVmCRwEMAcGF0ZGEZZFB1ABwwaxArQDEoNDE2KUWgOfwtOSSQEVAjAHzQVFBWUehGYXiUyzMB 0BiDCoA+RQDAAxBrEGpAi9FAYt+OMQKxIcCLInGxLgWgdOAoV2ViaxBoAkBwOugvL3ea8C6Y4o5i meL9GhpfnL+dz55FjcyOsh51f44mmeMgkXYCi+CT4B0SZf4tAMByABEwC1F+wW9ydgL+ZwkAZyAD IHywAxCiUxgRX3EwgfGKxhlVFWEAprAAAAsAAYAIIAYAAAAAAMAAAAAAAABGAAAAAAOFAAAAAAAA AwAugAggBgAAAAAAwAAAAAAAAEYAAAAAUoUAAH1uAQALADuACCAGAAAAAADAAAAAAAAARgAAAAAO hQAAAAAAAAMAPYAIIAYAAAAAAMAAAAAAAABGAAAAABCFAAAAAAAAAwA+gAggBgAAAAAAwAAAAAAA AEYAAAAAEYUAAAAAAAADAD+ACCAGAAAAAADAAAAAAAAARgAAAAAYhQAAAAAAAB4AZ4AIIAYAAAAA AMAAAAAAAABGAAAAAFSFAAABAAAABAAAADkuMAALAGiACCAGAAAAAADAAAAAAAAARgAAAAAGhQAA AAAAAAMAaYAIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAAAAAACwCJgAggBgAAAAAAwAAAAAAAAEYA AAAAgoUAAAEAAAACAfgPAQAAABAAAAA7IKD7tsoiQ5EVSnC+L0xIAgH6DwEAAAAQAAAAOyCg+7bK IkORFUpwvi9MSAIB+w8BAAAAjgAAAAAAAAA4obsQBeUQGqG7CAArKlbCAABQU1RQUlguRExMAAAA AAAAAABOSVRB+b+4AQCqADfZbgAAAEM6XFdJTkRPV1NcTG9jYWwgU2V0dGluZ3NcQXBwbGljYXRp b24gRGF0YVxNaWNyb3NvZnRcT3V0bG9va1xQZXJzb25hbCBGb2xkZXJzKDEpLnBzdAAAAAMA/g8F AAAAAwANNP03AAACAX8AAQAAADIAAAA8Q0NFREpCQkZIQkZBQk9ORVBLSUNPRUNIQ0RBQS5zaGFs ZUBicmljc25ldC5jb20+AAAAAwAGECEBcogDAAcQaQYAAAMAEBAAAAAAAwAREAAAAAAeAAgQAQAA AGUAAABIRUxMT0lIQVZFQU1BQ0hJTkVUSEFUU0dFVFRJTkdBVFRBQ0tFRFJFR1VMQVJMWShZRVNJ S05PV01ZQ0xPQ0tJU1dST05HMTg4NjgwOVNFQ09ORFNGQVNUVE9CRUVYQUNUKVNFAAAAAA83 ------=_NextPart_000_0194_01C010F4.38654740-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CCEDJBBFHBFABONEPKICOECHCDAA.shale>