Re: ICMP Killed me and my machine

From: Cory Vokey (cory.vokey@messagingdirect.com)
Date: 05/31/01


From: "Cory Vokey" <cory.vokey@messagingdirect.com>
To: "Mike Silbersack" <silby@silby.com>, "Liran Dahan" <lirandb@netvision.net.il>
Date: Thu, 31 May 2001 15:27:33 -0600

Using tcpdump, find the source IP address of who's
hitting you and set up a rule using ipfw to block it.

Cory Vokey.

----- Original Message -----
From: "Mike Silbersack" <silby@silby.com>
To: "Liran Dahan" <lirandb@netvision.net.il>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, May 31, 2001 3:22 PM
Subject: Re: ICMP Killed me and my machine

>
> On Fri, 1 Jun 2001, Liran Dahan wrote:
>
> > My machines are being attacked over hours and those are the only messages I found:
> > Jun 1 00:07:30 freebsd /kernel: Limiting icmp unreach response from 710 to 20 packets per second
> > Jun 1 00:05:49 freebsd /kernel: Limiting icmp unreach response from 1092 to 20 packets per second
> > I have tons of messages like that...
> >
> > I had the orange light ON - TRAF on my hub
> > But I was down including all my machines..
> >
> > -Liran Dahan- (lirandb@netvision.net.il)
>
> Someone's definitely flooding you. You're going to have to use tcpdump,
> see if you can figure out what's hitting you, and have someone upstream
> filter it. There's probably nothing more you can do on the machines
> themselves.
>
> Mike "Silby" Silbersack
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
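
Added example, not part of the original thread: one way to carry out the tcpdump-then-ipfw step suggested above, by ranking the IPv4 sources in a capture and printing candidate ipfw deny rules for review. It assumes the modern `tcpdump -n` text format (second field `IP`); the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank IPv4 sources seen in `tcpdump -n` text output and
# print (not apply) ipfw deny rules for review.
# Live use (interface name is a placeholder):
#   tcpdump -n -i IFACE -c 5000 | top_sources 1000 | ipfw_rules

# top_sources MIN: read tcpdump lines on stdin, print "count source"
# for every source seen at least MIN times, busiest first.
top_sources() {
    awk -v min="$1" '
        $2 == "IP" {
            # $3 is a.b.c.d or a.b.c.d.port; keep the first four octets
            if (split($3, a, ".") < 4) next
            for (i = 1; i <= 4; i++) if (a[i] !~ /^[0-9]+$/) next
            count[a[1] "." a[2] "." a[3] "." a[4]]++
        }
        END { for (s in count) if (count[s] >= min) print count[s], s }
    ' | sort -rn
}

# ipfw_rules: turn "count source" lines into ipfw commands.
ipfw_rules() {
    while read -r count src; do
        echo "ipfw add deny ip from $src to any"
    done
}

# Constructed sample capture (documentation address ranges).
sample_capture() {
    cat <<'EOF'
00:07:30.000001 IP 203.0.113.7.4021 > 192.0.2.10.31337: UDP, length 64
00:07:30.000002 IP 203.0.113.7.4022 > 192.0.2.10.31338: UDP, length 64
00:07:30.000003 IP 203.0.113.7.4023 > 192.0.2.10.31339: UDP, length 64
00:07:30.000004 IP 198.51.100.9.53 > 192.0.2.10.40000: UDP, length 80
00:07:30.000005 IP 203.0.113.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
00:07:30.000006 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

# Run on the sample: only sources with 3 or more packets get a rule.
sample_capture | top_sources 3 | ipfw_rules
```

Source addresses in a flood are often spoofed, and a host-level deny rule does not free the uplink, so the ranked list is also the evidence to hand to an upstream provider when asking for a filter.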
