Re: Limiting icmp unreach response from 231 to 200 packets per second

From: Martin McCormick (martin@dc.cis.okstate.edu)
Date: 01/21/03


To: freebsd-security@FreeBSD.ORG
Date: Tue, 21 Jan 2003 10:38:28 -0600
From: Martin McCormick <martin@dc.cis.okstate.edu>

Mike Tancsa writes:
>It could be a ping flood, but if it's happening after named dies, it's more
>likely your kernel sending back messages to all the hosts asking for DNS
>requests. i.e. since named is dead, you had 231 DNS requests coming in per
>second. The kernel limits its response to the first 200 hosts, sending
>back a message saying there is nothing listening on that port.

        That is extremely likely. I don't know why named died as
it is usually as tough as iron, but we sometimes get over 400,000
requests per hour at peak times so this may have been the result
rather than the cause. It is hard to tell exactly when the named
process stopped but it could have been as early as the first
messages. There have been no more ICMP limitations since I
restarted bind.

        Again, many thanks to all of you in the best UNIX
tradition.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
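The behaviour discussed in this thread (named stops, every DNS datagram that arrives draws an ICMP port unreachable, and the kernel caps those replies at 200 per second, which on FreeBSD is the net.inet.icmp.icmplim sysctl default) is worth turning into a check rather than something noticed by hand. The following is an added example, not code from this thread or from FreeBSD: it parses constructed syslog lines in the format quoted in the subject line, works out how many replies the limiter suppressed, and combines that with a list of UDP ports that are expected to be listening versus actually listening (passed in as sets, so it runs offline) to say whether the rate limiting looks like a dead local service or like external traffic. The sample log lines, the hostname, the timestamps and the "expected listeners" set are all constructed for the example, and the verdict rules are a heuristic, not an authoritative diagnosis.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample syslog lines. The kernel message text follows the wording in the
# mail subject; hostname "dc", timestamps and the unrelated sshd line are invented.
SAMPLE_LOG = """\
Jan 21 09:58:01 dc kernel: Limiting icmp unreach response from 231 to 200 packets per second
Jan 21 09:58:11 dc kernel: Limiting icmp unreach response from 240 to 200 packets per second
Jan 21 09:58:21 dc sshd[1234]: Accepted publickey for martin from 10.0.0.5 port 4444 ssh2
Jan 21 09:58:31 dc kernel: Limiting icmp unreach response from 215 to 200 packets per second
"""

# Matches both the "packets per second" wording on this page and the shorter
# "packets/sec" form used by later FreeBSD kernels (assumption: other variants exist).
LIMIT_RE = re.compile(
    r"Limiting icmp unreach response from (?P<attempted>\d+) to (?P<limit>\d+) "
    r"packets(?: per second|/sec)"
)


@dataclass
class LimitEvent:
    timestamp: str   # classic syslog "Mon DD HH:MM:SS" prefix
    attempted: int   # ICMP unreachables the kernel wanted to send in that second
    limit: int       # cap it enforced (icmplim)

    @property
    def suppressed(self) -> int:
        """Replies that were dropped because of the limiter."""
        return max(self.attempted - self.limit, 0)


def parse_limit_events(log_text: str) -> List[LimitEvent]:
    """Extract every ICMP rate-limiter event from raw syslog text."""
    events: List[LimitEvent] = []
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue  # unrelated line (sshd, cron, ...)
        events.append(
            LimitEvent(line[:15], int(m.group("attempted")), int(m.group("limit")))
        )
    return events


def assess(events: List[LimitEvent],
           expected_udp: Set[int],
           listening_udp: Set[int]) -> Dict[str, object]:
    """Heuristic verdict on why the ICMP unreachable limiter fired.

    expected_udp:  UDP ports a service should be bound to (e.g. {53} for named).
    listening_udp: UDP ports actually bound right now (in production this would
                   come from sockstat/netstat; here it is supplied by the caller).
    """
    missing = sorted(expected_udp - listening_udp)
    if not events:
        verdict = "quiet"            # limiter never engaged
    elif missing:
        verdict = "service_down"     # unanswered datagrams -> port unreachables
    else:
        verdict = "probe_or_flood"   # all listeners up, so traffic hit closed ports
    return {
        "events": len(events),
        "peak_attempted": max((e.attempted for e in events), default=0),
        "total_suppressed": sum(e.suppressed for e in events),
        "missing_listeners": missing,
        "verdict": verdict,
    }


if __name__ == "__main__":
    evs = parse_limit_events(SAMPLE_LOG)
    # Scenario from the thread: named has died, so nothing is bound to UDP/53.
    print(assess(evs, expected_udp={53}, listening_udp=set()))
    # Same log lines, but the resolver is up: points at external traffic instead.
    print(assess(evs, expected_udp={53}, listening_udp={53}))
```

The useful part for an operator is the distinction the verdict makes: the same kernel message means two different things depending on whether the expected listener is bound, and the thread shows exactly that confusion (ping flood versus dead named). Feeding it the real listener set from sockstat turns the log line into an actionable alert rather than a curiosity.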