Date: Sat, 24 Feb 2001 00:50:36 -0800 (PST) From: Chris Phillips <chris@selkie.org> To: Brent <bierblb@netins.net> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: icmp-response bandwidth limit Message-ID: <Pine.BSF.4.21.0102240047440.701-100000@shell.bchosting.com> In-Reply-To: <CLEBKGOHKNELHPEDDJJIKEAECKAA.bierblb@netins.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 24 Feb 2001, Brent wrote: > I have looked up this error, and it says it could be a icmp attack, is there > a way to see if this is true. Also what are some ways to protect myself > from a icmp attack? This is some of what I am getting from ipfw: Actually it is a kernel option that is generating those messages. > icmp-response bandwidth limit 213/200 pps > icmp-response bandwidth limit 323/200 pps > icmp-response bandwidth limit 300/200 pps > icmp-response bandwidth limit 219/200 pps > icmp-response bandwidth limit 201/200 pps > icmp-response bandwidth limit 272/200 pps This is typical of a port scan. If you nmap your own box it would likely replicate this behaviour. If you want to know what it is and where it is coming from start logging all the icmp traffic with ipfw and analyze the log. Another nifty tool is snort. Protecting yourself from an icmp attack is usually done with a firewall such as ipfw. -Chris Phillips To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102240047440.701-100000>