Re: Limiting icmp unreach response from 231 to 200 packets per second
From: Tillman (tillman@seekingfire.com)
Date: 01/21/03
- Next message: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Previous message: Steve Crowder: "RE: Limiting icmp unreach response from 231 to 200 packets per second"
- In reply to: Martin McCormick: "Limiting icmp unreach response from 231 to 200 packets per second"
- Next in thread: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Reply: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Jan 2003 10:13:57 -0600 From: Tillman <tillman@seekingfire.com> To: freebsd-security@FreeBSD.ORG
On Tue, Jan 21, 2003 at 10:00:08AM -0600, Martin McCormick wrote:
> On rare occasions, a FreeBSD system in our network has
> been known to print the example shown in the subject at a furious
> rate for a short time and then things get back to normal.
>
> Is that what the effects of a ping flood look like?
``Limiting icmp unreach response from 231 to 200 packets per second''
What you're seeing is the kernel limiting ICMP responses to 200/second.
If there are more than 200 ICMP requests per second, and you have
net.inet.icmp.icmplim set to 200 via sysctl (the default value), this
occurs.
This could be a ICMP flood attack. It could also be legimate traffic.
For your network, what would you consider to be a normal number of ICMP
requests per second?
231 packets/second is actually pretty slow if you're on a high speed
local network, so in that situation it's unlikely to be a deliberate
ping flood. I've had network monitoring tools that were badly configured
do something that looked much like this.
- Tillman
-- Page 41: Two of the most important Unix traditions are to share and to help people. - Harley Hahn, _The Unix Companion_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Previous message: Steve Crowder: "RE: Limiting icmp unreach response from 231 to 200 packets per second"
- In reply to: Martin McCormick: "Limiting icmp unreach response from 231 to 200 packets per second"
- Next in thread: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Reply: Mike Tancsa: "Re: Limiting icmp unreach response from 231 to 200 packets per second"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
