23/11/01 20:04:02, "Fernando Germano" <fgermano@audiotel.com.ar> a crit:
>I've found many of these, are these the result of a portscan or something
>like that???, how do you read this line???
>
>Nov 23 11:11:50 server /kernel: icmp-response bandwidth limit 187/100 pps
>Nov 23 11:11:51 server /kernel: icmp-response bandwidth limit 264/100 pps
Your kernel tells you that there is something provoking him to send more
responses that he should according to the sysctl limits at
net.inet.icmp.icmplim. 187/264 is the number of packets that the kernel
would have sent if there was'nt the limit, 100 is the limit and pps means
packet par second. This message could result of a portscan or a DoS (or a
too small limit considering the traffic).
see net.inet.icmp.icmplim to modify the limit and set
net.inet.icmp.icmplim_output=0 to turn off the error messages.
--eberkut
ex diffinientium cognitione diffiniti resultat cognitio
. Prelude : http://prelude.sf.net
. CNS : http://minithins.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message