Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 12 May 1999 17:58:08 -0700
From:      Ludwig Pummer <ludwigp@toy.chip-web.com>
To:        Kiril Mitev <kiril@ideaglobal.com>, freebsd-questions@freebsd.org
Subject:   Re: ICMP bandwidth limiter
Message-ID:  <4.1.19990512175317.00a6ecb0@mail-r>
In-Reply-To: <199905121039.LAA24194@idea.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 03:39 AM 5/12/1999 , Kiril Mitev wrote:
>Hi,
>
>this came up on the console, presumably because
>I have the ICMP_BANDLIM options in my kernel:
>
>icmp-response bandwidth limit 118/100 pps
>icmp-response bandwidth limit 106/100 pps
>icmp-response bandwidth limit 101/100 pps
>icmp-response bandwidth limit 112/100 pps
>icmp-response bandwidth limit 120/100 pps
>.......
>
>which sort of raises a few question :-)
>
>1. is there any way of raising the built-in limit
>to, say, 120 (whatever that number means), and if yes,
>is there a risk of being "pinged-out"
>2. is there any way of catching the IP from which 
>the flood ping is coming from ?
>3. should I ask on -security ?

When I upgraded to 3.1-S and looked through the kernel config and saw this,
I became interested (mostly because there didn't seem to be any tunable
options). I searched the mailing list archives (-questions, -stable,
-current, -isp) and found a thread where ICMP_BANDLIM was being discussed.

IIRC, it doesn't need to be tunable. ICMP_BANDLIM limits only ICMP error
messages, like (i think) port unreachable or network unreachable or
something like that (pings are echo messages).

The only time (in my considerable short experience with this option
enabled) when I saw this come up was when I was doing a nessus port scan of
one machine. The machine doing the scanning kept printing these messages.

You could probably run tcpdump and friends and see where it's coming from.

What would you ask -security ?

--Ludwig Pummer ( ludwigp@bigfoot.com ) ICQ UIN: 692441


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990512175317.00a6ecb0>