From owner-freebsd-questions Tue Apr 4 13: 8:17 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hydrant.intranova.net (hydrant.intranova.net [209.201.95.10]) by hub.freebsd.org (Postfix) with SMTP id 60F3637B9BE for ; Tue, 4 Apr 2000 13:08:02 -0700 (PDT) (envelope-from oogali@intranova.net) Received: (qmail 93604 invoked from network); 4 Apr 2000 20:12:10 -0000 Received: from localhost.abuselabs.com (HELO localhost) (missnglnk@127.0.0.1) by localhost.abuselabs.com with SMTP; 4 Apr 2000 20:12:10 -0000 Date: Tue, 4 Apr 2000 16:12:10 -0400 (EDT) From: Omachonu Ogali To: Doug Barton Cc: Pete Fritchman , freebsd-questions@freebsd.org Subject: Re: icmp-response bandwidth limit question In-Reply-To: <38E98485.826C1DE8@san.rr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 3 Apr 2000, Doug Barton wrote: > Pete Fritchman wrote: > > > > > icmp-response bandwidth limit 734/200 pps > > > icmp-response bandwidth limit 729/200 pps > > > > What do these indicate? > > That your kernel is dropping everything over 200 ICMP packets per > second. It indicates that your kernel is dropping ICMP and/or TCP responses that are coming out faster than 200 packets per second. It's limiting what's coming OUT from you. > > I find it odd because all ICMP is dropped before reaching this particular > > server. > > Apparently not. You should recheck your inbound filters. Sorry, but this is an incorrect statement, ICMP_BANDLIM does not limit what comes in, but rather what goes out. In this case, someone may have been port scanning your machine and the kernel was eliciting RST's or ICMP unreachables in return to non-open ports, and at the rate it was being output it triggered ICMP response limiting. > Good luck, > > Doug > Hopefully, I've given a more accurate spin on things... -- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali@intranova.net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message