Date: Sat, 27 Jan 2001 17:00:42 +0100
From: Thomas Seck <tmseck@web.de>
To: freebsd-security@freebsd.org
Subject: Re: ICMP attacks
Message-ID: <20010127170042.A737@basildon.homerun>
In-Reply-To: <NEBBIEGPMLMKDBMMICFNOEHBECAA.mit@mitayai.net>; from mit@mitayai.net on Fr , Jan 26, 2001 at 04:44:51am -0500
References: <NEBBIEGPMLMKDBMMICFNOEHBECAA.mit@mitayai.net>

On Fr , Jan 26, 2001 at 04:44:51am -0500, Will Mitayai Keeso Rowe wrote:
> icmp-response bandwidth limit 205/200 pps
> icmp-response bandwidth limit 264/200 pps
> icmp-response bandwidth limit 269/200 pps
> icmp-response bandwidth limit 273/200 pps
> icmp-response bandwidth limit 273/200 pps
> icmp-response bandwidth limit 271/200 pps
> icmp-response bandwidth limit 261/200 pps
> icmp-response bandwidth limit 268/200 pps
> icmp-response bandwidth limit 205/200 pps
> icmp-response bandwidth limit 223/200 pps
>
> Is there any way to trace the people that are causing this? It's becoming a
> daily occurrence and it's beginning to irritate me.

One is probably just running a portscan against you. The reason you see
these messages is because a well-behaved system generates an ICMP "port
unreachable" message for every port that does not listen for incoming
connections. To protect you from generic ICMP-based attacks that try to eat
up your bandwidth, the ICMP_BANDLIM parameter was introduced in the GENERIC
kernel. Some scanning programs, e.g. nmap, generate a large number of
requests, thus triggering more replies than ICMP_BANDLIM allows to get
out. [1]

This is nothing to worry about, imho.

Regards,
Thomas Seck

[1] If this is in any way not precise enough, do not beat me - I am not a
kernel hacker.
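
Added example, not part of the original message: a Python script that parses the `icmp-response bandwidth limit N/M pps` lines quoted above and totals how many replies the limiter held back. It assumes N is the number of replies the kernel wanted to send in that second and M is the configured limit; the function names, the unrelated log line and the triage threshold are constructed for illustration.

```python
import re

# Message format as quoted in the thread; search() tolerates a syslog prefix.
LINE_RE = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")

# The ten lines quoted in the message plus one constructed unrelated line.
SAMPLE_LOG = """\
icmp-response bandwidth limit 205/200 pps
icmp-response bandwidth limit 264/200 pps
icmp-response bandwidth limit 269/200 pps
icmp-response bandwidth limit 273/200 pps
icmp-response bandwidth limit 273/200 pps
example0: unrelated constructed kernel message
icmp-response bandwidth limit 271/200 pps
icmp-response bandwidth limit 261/200 pps
icmp-response bandwidth limit 268/200 pps
icmp-response bandwidth limit 205/200 pps
icmp-response bandwidth limit 223/200 pps
"""

def parse_events(text):
    """Return (attempted, limit) pairs, one per rate-limit line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((int(m.group(1)), int(m.group(2))))
    return events

def summarise(events):
    """Count suppressed replies and the worst overshoot of the limit."""
    ratios = [a / l for a, l in events if l > 0]  # skip a zero limit
    return {
        "events": len(events),
        "suppressed": sum(max(a - l, 0) for a, l in events),
        "peak": max((a for a, _ in events), default=0),
        "max_ratio": max(ratios, default=0.0),
    }

def needs_attention(summary, ratio_threshold=5.0):
    """Triage helper; the 5x threshold is an arbitrary assumption."""
    return summary["max_ratio"] >= ratio_threshold

if __name__ == "__main__":
    s = summarise(parse_events(SAMPLE_LOG))
    print(s, "needs attention:", needs_attention(s))
```

On the quoted lines the overshoot stays below 1.4 times the limit, which fits the port-scan explanation given in the reply.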