From owner-freebsd-security Wed May 31 10:56:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from larryboy.graphics.cornell.edu (larryboy.graphics.cornell.edu [128.84.247.48]) by hub.freebsd.org (Postfix) with ESMTP id 1546A37B8DF for ; Wed, 31 May 2000 10:56:39 -0700 (PDT) (envelope-from mkc@larryboy.graphics.cornell.edu) Received: from larryboy.graphics.cornell.edu (mkc@localhost) by larryboy.graphics.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA17404; Wed, 31 May 2000 13:56:34 -0400 (EDT) (envelope-from mkc@larryboy.graphics.cornell.edu) Message-Id: <200005311756.NAA17404@larryboy.graphics.cornell.edu> To: Visigoth Cc: freebsd-security@freebsd.org Subject: Re: icmp-response bandwidth limit In-Reply-To: Message from Visigoth of "Wed, 31 May 2000 12:44:58 CDT." Date: Wed, 31 May 2000 13:56:34 -0400 From: Mitch Collinsworth Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > This type of kernel message generally denotes one of two things, >neither of which are usually nice. icmp-response bandwidth limiting is >built into the kernel to lessen the effects of a ping flood, and are often >the result of being flooded, but I have also noticed that message due to >scans such as nmap. Either way, something happened that you will probably >want to know about... I might recomend installing ipfilter and logging >all traffic except your known/public services (and maybe even some of >those ;). Ok, thanks for the info. I failed to mention a couple of possibly relevent items: - This machine is running 3.4-R - There are several other FreeBSD machines on the same net, none of which logged this message, including 2 that are 4.0-R. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message