On Friday 28 July 2006 06:26, User Freebsd wrote:
> Just an appendum, but this is what I'm seeing in /var/log/messages right
> now:
> Jul 28 00:22:37 io kernel: Limiting icmp unreach response from 6255 to 200
> packets/sec Jul 28 00:22:38 io kernel: Limiting icmp unreach response from
> 6515 to 200 packets/sec Jul 28 00:22:39 io kernel: Limiting icmp unreach
> response from 6646 to 200 packets/sec ^C
> And its been going on for several hours now ... :(

Yes it is just FreeBSD behaving cleverly and limiting the number
of ICMP replies. These two sysctls are of interest:
net.inet.icmp.icmplim: Maximum number of ICMP responses per second
net.inet.icmp.icmplim_output: Enable rate limiting of ICMP responses

Somebody is probably flood pinging your server. You can do
several things.
1) block particular (addresses|proto) from your upstream router.
     This way "bad" traffic will not reach your box.
2) block particular (addresses|proto) from your box. This
     way the "attacker" will not know if your box is up and running.
     Not much gain, since traffic will load your box anyway.

Limit the number of ICMP replies to 5 or 10 per second. Won't
help at all with your situation, but it is a good value for normal

HTH, Nikos
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to