From owner-freebsd-security  Mon Aug 28 11:27: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with ESMTP id 7469237B42C
	for <freebsd-security@FreeBSD.ORG>; Mon, 28 Aug 2000 11:26:57 -0700 (PDT)
Received: (qmail 32549 invoked by uid 1000); 28 Aug 2000 18:26:56 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 28 Aug 2000 18:26:56 -0000
Date: Mon, 28 Aug 2000 13:26:56 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: "Col.Panic" <panic@satan.antix.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: your mail (fwd)
In-Reply-To: <Pine.BSF.4.21.0008281105250.60987-100000@satan.antix.org>
Message-ID: <Pine.BSF.4.21.0008281325180.32532-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Mon, 28 Aug 2000, Col.Panic wrote:

> I have an interesting appendage to add to this answer.  I have ICMP shut
> down at the router, and I get the same messages from my new 4.1-STABLE
> system.  I can understand if somebody is spoofing ICMP packets, but if
> they are, how are the replies getting to my machine?
> 
> I've looked into it, and there isn't anybody logged into the machine for
> when this occurs.  I'm at a loss.
> 
> Thanks,
> 
> -Jason

"icmp-response" is a misnomer.  It counts both icmp unreachables and TCP
RST packets.  So, UDP to unopen ports, and TCP (non-syn) to unopen ports
will cause bandwidth limiting and the resulting console messages.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message