Date: Sat, 14 May 2005 09:19:45 +0200 From: Daniel Gerzo <danger@rulez.sk> To: "Colin J. Raven" <colin@kenmore.kozy-kabin.nl>, questions@freebsd.org Subject: Re: Strange kernel messages Message-ID: <354708933.20050514091945@rulez.sk> In-Reply-To: <20050514090844.Q9329@kenmore.kozy-kabin.nl> References: <20050514090844.Q9329@kenmore.kozy-kabin.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. ------------761B514836785061 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Hello Colin, Saturday, May 14, 2005, 9:14:20 AM, you thoughtfully wrote the following: > Hi all! > I occasionally get these in my daily security run output (which is=20 > worrying in itself) > Limiting closed port RST response from 1629 to 200 packets per second > the number of these can range from one or two, to sometimes 25 - 30=20 > although the latter case is rarer. Usually there's about six or so.=20 > These don't arrive every day, usually about once per week on average. > Is this an OS response to an attempted attack, limiting potential DDOS > damage? That's how I'm reading it, but of course I'm guessing. If that > *is* so, what mechanism is doing this? your kernel is limitting number of icmp ping requests to 200, someone is possibly trying to ping -f you. You can also decrease/increase this limit with net.inet.icmp.icmplim > FreeBSD 4.11 STABLE > Regards & TIA > -Colin --=20 Best Regards, DanGer, ICQ: 261701668 | e-mail protecting at: http://www.2pu.net/ http://danger.rulez.sk | proxy list at: http://www.proxy-web.com/ | FreeBSD - The Power to Serve! [ i locked the door to my own cell, and i lost the key ] ------------761B514836785061--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?354708933.20050514091945>