Date: Tue, 28 Aug 2001 15:49:19 +1000 From: Kal Torak <kaltorak@quake.com.au> To: deepak@ai.net Cc: FreeBSD-Questions <freebsd-questions@FreeBSD.ORG>, "freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG> Subject: Re: Interesting Router Question Message-ID: <3B8B30DF.CE0DD233@quake.com.au> References: <GPEOJKGHAMKFIOMAGMDIEEENFDAA.deepak@ai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Deepak Jain wrote: > > We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0 > and ti1]. At no point was bandwidth an issue. > > The router was under some kind of ICMP attack: > > For about 30 minutes: > icmp-response bandwidth limit 96304/200 pps > icmp-response bandwidth limit 97801/200 pps > icmp-response bandwidth limit 97936/200 pps > icmp-response bandwidth limit 97966/200 pps > icmp-response bandwidth limit 98230/200 pps ...snip... No, this is showing that your router was generating a lot of icmp packets, and your kernel was limiting the amount of responses to save bandwidth... You were probably under attack though, it could of been a ping flood or anything that causes your system to reply with icmp packets... Since filtering out icmp packets on the cisco helped it could of been a simple ping flood, since that would of stoped the icmp echo requests from reaching the server... But it also could of been a number of other things... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B8B30DF.CE0DD233>