Date: Thu, 27 Jan 2000 08:40:12 -0700 From: Brett Glass <brett@lariat.org> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: security@FreeBSD.ORG Subject: Re: Riddle me this Message-ID: <4.2.2.20000127083643.03d86560@localhost> In-Reply-To: <200001270425.UAA18744@apollo.backplane.com> References: <200001270355.UAA01355@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:25 PM 1/26/2000 , Matthew Dillon wrote:
> Well, certainly the 'failed to write packet back' has nothing to do
> with the icmp bandwidth limiting -- the bandwidth limiting drops packets,
> the sender would not see an error. Also, the bandwidth limiting only
> drops kernel-generated icmp response packets for certain specific cases
> unrelated to NAT.
That's what I figured. The question, though, is what sort of attack or
condition WOULD have caused the error. The machines behind this one
are relatively safe because they're not addressable thanks to NAT.
> What likely occured in the Jan 24 logs was some sort of continuous
> problem for the time range indicated (19:18:59 -> 19:20:15), but only
> exceeding the 100 pps threshold at a couple of points during that
> period.
Could be. I figure that the "continuous problem" was likely to have been
an attack. The upstream link was down for several hours that week, and
in fact the *backbone provider* was experiencing outages.
--Brett
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000127083643.03d86560>