From owner-freebsd-security Tue Jan 21 11:23:07 2003
From: "Ronan Lucio"
To: "Mike Silbersack", "Martin McCormick"
Cc:
Subject: Re: Limiting icmp unreach response from 231 to 200 packets per second
Date: Tue, 21 Jan 2003 17:24:31 -0200
Message-ID: <014b01c2c182$b93b5da0$34a8a8c0@melim.com.br>
References: <200301211600.h0LG08vD022507@dc.cis.okstate.edu> <20030121104626.Y2194-100000@patrocles.silby.com>
List-ID: freebsd-security

> This is not a ping flood, as others have reported. ICMP unreach packets
> are sent in response to incoming UDP packets to a port which has no
> service running on it.
>
> Here's what's happening:
>
> 1. BIND crashes.
> 2. DNS requests keep coming in, at a rate of 231 per second.
> 3. FreeBSD limits the number of icmp unreach responses, and tells you.
> 4. You restart BIND, and messages go away.
>
> I can't answer why step #1 occurred, but I can assure you that #2 through
> #4 are natural results of #1, and are nothing to worry about.
I think a good solution is to install a DJB DNS Cache and leave it just to answer DNS queries. The dnscache machine could even point to a DNS Server running Bind9.

http://cr.yp.to/djbdns.html

Ronan
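As an added example (not code from this thread), here is detection logic that parses the kernel rate-limit message quoted above out of syslog lines and flags sustained "icmp unreach" limiting, which is the signature of a steady UDP query stream hitting a port whose listener has died rather than a flood. The log lines are constructed, and the three-event threshold is an assumption.

```python
import re

# Format of the message the FreeBSD kernel logs when ICMP responses exceed
# the rate limit (the thread quotes "from 231 to 200 packets per second").
LIMIT_RE = re.compile(
    r"Limiting (?P<kind>[a-z ]+?) response from "
    r"(?P<rate>\d+) to (?P<limit>\d+) packets per second"
)

# Constructed sample syslog excerpt: three limit events, then BIND restarts.
SAMPLE_LOG = """\
Jan 21 10:00:01 ns1 /kernel: Limiting icmp unreach response from 231 to 200 packets per second
Jan 21 10:00:03 ns1 /kernel: Limiting icmp unreach response from 240 to 200 packets per second
Jan 21 10:00:05 ns1 /kernel: Limiting icmp unreach response from 228 to 200 packets per second
Jan 21 10:00:07 ns1 named[312]: starting BIND 9 (constructed line)
Jan 21 10:00:09 ns1 sshd[400]: Accepted publickey for admin (constructed line)
"""


def parse_limit_line(line):
    """Return (kind, offered_rate, limit) for a rate-limit message, else None."""
    m = LIMIT_RE.search(line)
    if not m:
        return None
    return m.group("kind"), int(m.group("rate")), int(m.group("limit"))


def summarize(log_text):
    """Aggregate rate-limit events per response kind.

    Result: {kind: {"events": n, "peak_rate": r, "limit": l, "dropped_pps": d}}
    where dropped_pps sums (offered - limit) over all events of that kind."""
    stats = {}
    for line in log_text.splitlines():
        parsed = parse_limit_line(line)
        if parsed is None:
            continue
        kind, rate, limit = parsed
        s = stats.setdefault(kind, {"events": 0, "peak_rate": 0,
                                    "limit": limit, "dropped_pps": 0})
        s["events"] += 1
        s["peak_rate"] = max(s["peak_rate"], rate)
        s["dropped_pps"] += max(0, rate - limit)
    return stats


def likely_dead_listener(stats, min_events=3):
    """Repeated 'icmp unreach' limiting means a steady UDP stream is reaching a
    closed port: check that the expected daemon (BIND here) is still running."""
    s = stats.get("icmp unreach")
    return s is not None and s["events"] >= min_events
```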