Date: Wed, 5 Apr 2000 19:32:10 -0400 (EDT)
From: Pete Fritchman
To: Doug Barton
Cc: freebsd-questions@freebsd.org
Subject: Re: icmp-response bandwidth limit question

The firewall *doesn't* let ICMP through. The port-scan explanation makes
sense. What is the kernel config to turn this off?

Regards,
Pete

On Wed, 5 Apr 2000, Doug Barton wrote:

> On Tue, 4 Apr 2000, Omachonu Ogali wrote:
>
> > On Mon, 3 Apr 2000, Doug Barton wrote:
> >
> > > Pete Fritchman wrote:
> > > >
> > > > > icmp-response bandwidth limit 734/200 pps
> > > > > icmp-response bandwidth limit 729/200 pps
> > > >
> > > > What do these indicate?
> > >
> > > That your kernel is dropping everything over 200 ICMP packets per
> > > second.
> >
> > It indicates that your kernel is dropping ICMP and/or TCP responses that
> > are coming out faster than 200 packets per second. It's limiting what's
> > coming OUT from you.
>
> This option does not affect TCP responses. It's ICMP only.
>
> > In this case, someone may have
> > been port scanning your machine and the kernel was eliciting RST's or ICMP
> > unreachables in return to non-open ports, and at the rate it was being
> > output it triggered ICMP response limiting.
>
> That's possible, true. Although if they have a semi-decent
> firewall it shouldn't be allowing this type of port scanning activity. Of
> course, he didn't think his firewall would let through ICMP either...
>
>
> Doug
> --
> "So, the cows were part of a dream that dreamed itself into
> existence? Is that possible?" asked the student incredulously.
> The master simply replied, "Mu."
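A log-triage sketch for the kernel messages quoted in this thread, added here as an example and not written by any of the posters. It groups "icmp-response bandwidth limit" lines into bursts so that a short scan-like spike stands out from isolated events; the syslog prefix, host name, timestamps and the 5-second grouping gap are assumptions, and each message is treated as a one-second sample.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log; only the "icmp-response ..." text comes from the thread.
SAMPLE_LOG = """\
Apr  5 16:30:01 gw /kernel: icmp-response bandwidth limit 734/200 pps
Apr  5 16:30:02 gw /kernel: icmp-response bandwidth limit 729/200 pps
Apr  5 16:30:03 gw sshd[211]: Accepted password for pete from 10.0.0.5
Apr  5 16:41:17 gw /kernel: icmp-response bandwidth limit 251/200 pps
"""

# Assumed syslog layout: "<Mon> <day> <HH:MM:SS> <host> <tag> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+\S+\s+"
    r"icmp-response bandwidth limit (?P<seen>\d+)/(?P<limit>\d+) pps\s*$"
)

def parse_events(text, year=2000):
    """Yield (timestamp, responses_wanted, limit) for each limiter message."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # unrelated syslog lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["seen"]), int(m["limit"])

def group_bursts(events, gap=timedelta(seconds=5)):
    """Merge messages that are at most `gap` apart into one burst record."""
    bursts = []
    for ts, seen, limit in events:
        if bursts and ts - bursts[-1]["end"] <= gap:
            burst = bursts[-1]
        else:
            burst = {"start": ts, "end": ts, "peak": 0,
                     "over_limit": 0, "messages": 0}
            bursts.append(burst)
        burst["end"] = ts
        burst["peak"] = max(burst["peak"], seen)
        # Responses above the limit are the ones the kernel did not send.
        burst["over_limit"] += max(seen - limit, 0)
        burst["messages"] += 1
    return bursts

if __name__ == "__main__":
    for b in group_bursts(parse_events(SAMPLE_LOG)):
        print(b["start"], b["end"], b["messages"], b["peak"], b["over_limit"])
```
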