Date:      Tue, 4 Apr 2000 16:12:10 -0400 (EDT)
From:      Omachonu Ogali <oogali@intranova.net>
To:        Doug Barton <DougGuy@san.rr.com>
Cc:        Pete Fritchman <petef@binary.databits.net>, freebsd-questions@freebsd.org
Subject:   Re: icmp-response bandwidth limit question
Message-ID:  <Pine.BSF.4.10.10004041607550.93547-100000@hydrant.intranova.net>
In-Reply-To: <38E98485.826C1DE8@san.rr.com>

On Mon, 3 Apr 2000, Doug Barton wrote:

> Pete Fritchman wrote:
> > 
> > > icmp-response bandwidth limit 734/200 pps
> > > icmp-response bandwidth limit 729/200 pps
> > 
> > What do these indicate?
> 
> 	That your kernel is dropping everything over 200 ICMP packets per
> second.

It indicates that your kernel is dropping ICMP and/or TCP responses that
are coming out faster than 200 packets per second. It's limiting what's
coming OUT from you.
 
> > I find it odd because all ICMP is dropped before reaching this particular
> > server.
> 
> 	Apparently not. You should recheck your inbound filters. 

Sorry, but this is an incorrect statement: ICMP_BANDLIM does not limit
what comes in, but rather what goes out. In this case, someone may have
been port scanning your machine and the kernel was eliciting RSTs or ICMP
unreachables in return to non-open ports, and at the rate it was being
output it triggered ICMP response limiting.

> Good luck,
> 
> Doug
> 

Hopefully, I've given a more accurate spin on things...

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
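
An added example, not part of the original message: a small log triage script that parses the limiter message quoted in the thread and groups bursts of it into episodes, so you can see when something was eliciting replies from closed ports and how many replies the kernel held back. The syslog prefix, timestamps, hostname and the 5-second grouping window are constructed assumptions, and the first number is read as replies wanted per second and the second as the limit, following the explanation above.

```python
import re
from datetime import datetime, timedelta

# The kernel message as quoted in the thread, e.g.
#   icmp-response bandwidth limit 734/200 pps
BANDLIM = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")

# Constructed sample: only the two "734/200" and "729/200" values come from
# the thread; timestamps, hostname "gw" and the other lines are made up.
SAMPLE_LOG = """\
Apr  3 21:14:05 gw /kernel: icmp-response bandwidth limit 734/200 pps
Apr  3 21:14:06 gw /kernel: icmp-response bandwidth limit 729/200 pps
Apr  3 21:14:07 gw sshd[212]: Connection closed
Apr  3 21:40:30 gw /kernel: icmp-response bandwidth limit 215/200 pps
"""

def parse(log, year=2000):
    """Yield (timestamp, wanted_pps, limit_pps) for each limiter message."""
    for line in log.splitlines():
        m = BANDLIM.search(line)
        if not m:
            continue  # unrelated syslog line
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        yield ts, int(m.group(1)), int(m.group(2))

def episodes(events, gap=timedelta(seconds=5)):
    """Merge messages at most `gap` apart into one burst of outbound replies."""
    out = []
    for ts, wanted, limit in events:
        suppressed = max(wanted - limit, 0)  # replies the kernel did not send
        if out and ts - out[-1]["end"] <= gap:
            ep = out[-1]
            ep["end"] = ts
            ep["peak_pps"] = max(ep["peak_pps"], wanted)
            ep["suppressed"] += suppressed
        else:
            out.append({"start": ts, "end": ts,
                        "peak_pps": wanted, "suppressed": suppressed})
    return out

if __name__ == "__main__":
    for ep in episodes(parse(SAMPLE_LOG)):
        print(f'{ep["start"]} .. {ep["end"]}: peak {ep["peak_pps"]} replies/s '
              f'wanted, {ep["suppressed"]} suppressed')
```

An episode with a high peak is a prompt to look at what inbound traffic reached closed ports in that window, since the message itself only counts the outbound replies.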