Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Aug 2000 13:54:41 -0700
From:      Dragos Ruiu <dr@kyx.net>
To:        Alfred Perlstein <bright@wintelcom.net>, "Col.Panic" <panic@satan.antix.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: your mail (fwd)
Message-ID:  <0008281356040S.20616@smp.kyx.net>
In-Reply-To: <20000828111254.S1209@fw.wintelcom.net>
References:  <Pine.BSF.4.21.0008281105250.60987-100000@satan.antix.org> <20000828111254.S1209@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
I get this message regularly whenever I use an application that generates
a lot of ICMP from a FreeBSD machine, like when I UDP nmap a FreeBSD
target for instance.   --dr

On Mon, 28 Aug 2000, Alfred Perlstein wrote:
> > > Sep 19 00:17:56 shell /kernel: icmp-response bandwidth limit 3505/200 pps
> > > Sep 19 00:17:57 shell /kernel: icmp-response bandwidth limit 3503/200 pps
> > > Sep 19 00:17:58 shell /kernel: icmp-response bandwidth limit 3505/200 pps
> > > Sep 19 00:17:59 shell /kernel: icmp-response bandwidth limit 3502/200 pps
> 
> * Col.Panic <panic@satan.antix.org> [000828 11:09] wrote:
> > I have an interesting appendage to add to this answer.  I have ICMP shut
> > down at the router, and I get the same messages from my new 4.1-STABLE
> > system.  I can understand if somebody is spoofing ICMP packets, but if
> > they are, how are the replies getting to my machine?
> > 
> > I've looked into it, and there isn't anybody logged into the machine for
> > when this occurs.  I'm at a loss.
> 
> It's an icmp _response_ limit, meaning it limits the amount of icmp
> error messages your machine will generate in repsonse to bogus
> connections or listen queue overflows.
> 
> most likely an ACK/SYN attack of some sort or a server unable to
> handle its listen queue (incomiming connections)
> 
> -Alfred
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-- 
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D 
pgp key: http://www.dursec.com/drkey.asc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0008281356040S.20616>