Date: Wed, 22 Jan 2003 02:27:15 +1000 (EST) From: Andy Farkas <andyf@speednet.com.au> To: Mike Tancsa <mike@sentex.net> Cc: Tillman <tillman@seekingfire.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: Limiting icmp unreach response from 231 to 200 packets per second Message-ID: <20030122022350.A54298-100000@hewey.af.speednet.com.au> In-Reply-To: <5.2.0.9.0.20030121111802.060ee170@marble.sentex.ca>
index | next in thread | previous in thread | raw e-mail
> > > On rare occasions, a FreeBSD system in our network has
> > > been known to print the example shown in the subject at a furious
> > > rate for a short time and then things get back to normal.
> > >
> > > Is that what the effects of a ping flood look like?
> >
Yes, that's exactly what happens when ping-flooded.
Note that only root can ping-flood.
> It could be a ping flood, but if its happening after named dies, its more
> likely your kernel sending back messages to all the hosts asking for DNS
> requests. i.e. since named is dead, you had 231 DNS requests coming in per
> second. The kernel, limits its response to the first 200 hosts, sending
> back a message saying there is nothing listening on that port.
He is talking about icmp packets - nothing to do with named.
--
:{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030122022350.A54298-100000>