Date:      Sat, 15 Dec 2001 10:24:01 +0100
From:      Zahemszky Gábor <Gabor@Zahemszky.HU>
To:        freebsd-security@freebsd.org
Subject:   Re: Rate-limiting OPEN port RST response?
Message-ID:  <20011215102401.A338@Picasso.Zahemszky.HU>
In-Reply-To: <20011215001404.A55184@ldc.ro>; from razor@ldc.ro on Sat, Dec 15, 2001 at 12:14:04AM +0200
References:  <20011215001404.A55184@ldc.ro>

On Sat, Dec 15, 2001 at 12:14:04AM +0200, Alex Popa wrote:
> Is there such a limitation active by default?  I am seeing the following
> message:
> Limiting open port RST response from 337 to 200 packets per second
> on my home machine, connected through a 14k modem to the net.  I also
> have net.inet.{tcp,udp}.log_in_vain enabled, and have seen no messages
> from these facilities.

Yes, the not-so-logically-named:
net.inet.icmp.icmplim sysctl limits this, too (and not only ICMP responses).
And yes, its default value is 200 :-)

ZGabor < Gabor at Zahemszky dot HU >

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
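
The rate-limit message discussed above can be summarised per response type to see how far the observed rate exceeded the limit. This is an added example, not part of the original message: the function names `sample_log` and `summarize_limits` are hypothetical, the first sample line is the one quoted in the thread, and the remaining lines are constructed.

```shell
#!/bin/sh
# Added example: summarise "Limiting ... response" kernel messages.

# Constructed sample input; only the first line appears in the thread.
sample_log() {
cat <<'EOF'
Limiting open port RST response from 337 to 200 packets per second
Limiting open port RST response from 412 to 200 packets per second
Limiting closed port RST response from 250 to 200 packets per second
some unrelated kernel line
EOF
}

# Reads log lines on stdin and prints one record per response type:
#   <type>|<events>|<peak pps>|<limit>|<total packets suppressed>
summarize_limits() {
    awk '
    /Limiting .* response from [0-9]+ to [0-9]+ packets per second/ {
        line = $0
        sub(/^.*Limiting /, "", line)            # drop any log prefix
        type = line; sub(/ response from .*$/, "", type)
        rest = line; sub(/^.* response from /, "", rest)
        split(rest, f, " ")                      # f[1]=observed, f[3]=limit
        seen = f[1] + 0; lim = f[3] + 0
        n[type]++
        if (seen > peak[type]) peak[type] = seen
        limit[type] = lim
        dropped[type] += seen - lim              # responses not sent
    }
    END {
        for (t in n)
            printf "%s|%d|%d|%d|%d\n", t, n[t], peak[t], limit[t], dropped[t]
    }' | sort
}

# Stand-alone run over the constructed sample.
sample_log | summarize_limits
```

On a FreeBSD host the same function can read `dmesg` output, and `sysctl net.inet.icmp.icmplim` shows the limit currently in force.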
