From: Nick Slager
To: Ryan Masse
Cc: FreeBSD-Questions
Date: Wed, 20 Dec 2000 09:54:41 +1100
Subject: Re: security check output | kernel log
Message-ID: <20001220095441.B43508@albury.net.au>

Thus spake Ryan Masse (rmasse@mastery.ca):

> can anyone tell me what this is.. some sort of dos? i found it in the
> outputs and have never seen it before.
>
> comp1.mastery.ca kernel log messages:
> > icmp-response bandwidth limit 201/200 pps
> > icmp-response bandwidth limit 201/200 pps
> > icmp-response bandwidth limit 201/200 pps

Yes, it's probably some sort of DoS, although not necessarily.

There's an option in the kernel that rate limits ICMP responses. From LINT:

# ICMP_BANDLIM enables icmp error response bandwidth limiting.  You
# typically want this option as it will help protect the machine from
# D.O.S. packet attacks.
#
options         ICMP_BANDLIM

Regards,

Nick

--
From a Sun Microsystems bug report (#4102680):
  "Workaround: don't pound on the mouse like a wild monkey."
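
Added example, not part of the original thread: a log triage helper that groups the "icmp-response bandwidth limit" messages quoted above into bursts, so a one-off line can be told apart from a sustained run. The syslog prefix, the short host name, the year, the 60-second gap and the 5-event threshold are assumptions made for illustration; only the message text itself comes from the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in syslog format; only the message text comes from the post.
SAMPLE = """\
Dec 19 02:01:13 comp1 /kernel: icmp-response bandwidth limit 201/200 pps
Dec 19 02:01:14 comp1 /kernel: icmp-response bandwidth limit 201/200 pps
Dec 19 02:01:17 comp1 last message repeated 3 times
Dec 19 02:01:18 comp1 /kernel: icmp-response bandwidth limit 344/200 pps
Dec 19 02:01:30 comp1 sshd[211]: Connection closed
Dec 19 04:40:02 comp1 /kernel: icmp-response bandwidth limit 201/200 pps
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
LIMIT = re.compile(r"icmp-response bandwidth limit (\d+)/(\d+) pps")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def bursts(log, year=2000, gap=timedelta(seconds=60), sustained=5):
    """Group limiter messages into bursts separated by more than `gap`."""
    out, last_was_limit, last_pair = [], False, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        hit, rep = LIMIT.search(msg), REPEAT.search(msg)
        if hit:
            count, pair = 1, (int(hit.group(1)), int(hit.group(2)))
        elif rep and last_was_limit:
            # syslogd collapsed identical limiter lines; count them too
            count, pair = int(rep.group(1)), last_pair
        else:
            last_was_limit = False
            continue
        last_was_limit, last_pair = True, pair
        cur = out[-1] if out else None
        if cur and cur["host"] == host and when - cur["end"] <= gap:
            cur["end"], cur["events"] = when, cur["events"] + count
            cur["peak_pps"] = max(cur["peak_pps"], pair[0])
        else:
            out.append({"host": host, "start": when, "end": when,
                        "events": count, "peak_pps": pair[0], "limit": pair[1]})
    for b in out:
        b["sustained"] = b["events"] >= sustained
    return out
```

On the constructed sample this yields one sustained burst (six events, the three collapsed by syslogd included) and one isolated event a few hours later, which matches the "probably some sort of DoS, although not necessarily" reading in the reply.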