-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tibbs, Richard wrote:

<snip>
| Anyhoo, while I was there I spotted icmp_ratelimit and icmp_ratemask.
| These files have values 100 and 6168 respectively.
| Couple of questions raised there:
| Is the icmp_ratelimit active even if you don't turn on rate limiting in
| Shorewall?

These are kernel parameters, so Shorewall shouldn't affect them (unless it's
trying to overwrite them with some other value(s)).

| How do I interpret the 6168?

From a quick google:

http://www.securityfocus.com/infocus/1711
<quote>
(integer) /proc/sys/net/ipv4/icmp_ratelimit
(integer) /proc/sys/net/ipv4/icmp_ratemask
    Together, these two variables allow you to limit how frequently
specified ICMP packets are generated. icmp_ratelimit defines how many
packets that match the icmp_ratemask per jiffie (a unit of time, a 1/100th
of a second on most architectures) are allowed. The ratemask is a logical OR
of all the ICMP codes you wish to rate limit. (See /usr/include/linux/icmp.h
for the actual values.) The default mask includes destination unreachable,
source quench, time exceeded and parameter problem. If you increase the
limit, you can slow down or potentially confuse port scans, but you may
inhibit legitimate network error indicators.
</quote>

6168 is 0x1818 hex, which according to icmp.h looks like the default setting
listed above.  For reference:

#define ICMP_ECHOREPLY          0       /* Echo Reply                   */
#define ICMP_DEST_UNREACH       3       /* Destination Unreachable      */
#define ICMP_SOURCE_QUENCH      4       /* Source Quench                */
#define ICMP_REDIRECT           5       /* Redirect (change route)      */
#define ICMP_ECHO               8       /* Echo Request                 */
#define ICMP_TIME_EXCEEDED      11      /* Time Exceeded                */
#define ICMP_PARAMETERPROB      12      /* Parameter Problem            */
#define ICMP_TIMESTAMP          13      /* Timestamp Request            */
#define ICMP_TIMESTAMPREPLY     14      /* Timestamp Reply              */
#define ICMP_INFO_REQUEST       15      /* Information Request          */
#define ICMP_INFO_REPLY         16      /* Information Reply            */
#define ICMP_ADDRESS            17      /* Address Mask Request         */
#define ICMP_ADDRESSREPLY       18      /* Address Mask Reply           */
#define NR_ICMP_TYPES           18

...each number is a bit position, take 2 to the power of the bit position to
get an integer (ie: ICMP_TIME_EXCEEDED = 2^11 = 2048 = 0x0800).  Add the
integers together to form a mask value.

i.e. to add ICMP_REDIRECT, ICMP_ECHOREPLY and ICMP_ECHO to your default
setting of 0x1818:

ICMP_ECHOREPLY = 2^0 =    1 = 0x0001
ICMP_REDIRECT  = 2^5 =   32 = 0x0020
ICMP_ECHO      = 2^8 =  256 = 0x0100
old value            = 6168 = 0x1818
new value            = 6457 = 0x1939

--
Charles Steinkuehler
[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCIzsJLywbqEHdNFwRAlnSAJ9CG3MA0TFGyn6fqUqqjZ+lvmJacwCfTt+v
JgTSL0dMb0PmSHgDRJECTV0=
=+R/l
-----END PGP SIGNATURE-----
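The mask arithmetic in Charles' reply, worked through as a small C program. This is an added example and is not code from the list message or from Shorewall; it uses only the ICMP type numbers quoted above from <linux/icmp.h>, and it does not touch /proc itself: the string "6168\n" is a constructed stand-in for what `cat /proc/sys/net/ipv4/icmp_ratemask` would print, and the function and variable names (icmp_mask_add, icmp_mask_describe, and so on) are my own. It decodes the default 6168 back into type names, adds ICMP_REDIRECT, ICMP_ECHOREPLY and ICMP_ECHO to reach 6457, and rejects values that set bits above NR_ICMP_TYPES, which is the check you want before writing a new mask back.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ICMP type numbers as quoted from <linux/icmp.h> in the message. */
#define ICMP_ECHOREPLY       0
#define ICMP_DEST_UNREACH    3
#define ICMP_SOURCE_QUENCH   4
#define ICMP_REDIRECT        5
#define ICMP_ECHO            8
#define ICMP_TIME_EXCEEDED   11
#define ICMP_PARAMETERPROB   12
#define ICMP_TIMESTAMP       13
#define ICMP_TIMESTAMPREPLY  14
#define ICMP_INFO_REQUEST    15
#define ICMP_INFO_REPLY      16
#define ICMP_ADDRESS         17
#define ICMP_ADDRESSREPLY    18
#define NR_ICMP_TYPES        18

/* Names for decoding a mask (my own labels, not kernel identifiers). */
static const char *icmp_type_names[NR_ICMP_TYPES + 1] = {
    [ICMP_ECHOREPLY]      = "echo-reply",
    [ICMP_DEST_UNREACH]   = "destination-unreachable",
    [ICMP_SOURCE_QUENCH]  = "source-quench",
    [ICMP_REDIRECT]       = "redirect",
    [ICMP_ECHO]           = "echo-request",
    [ICMP_TIME_EXCEEDED]  = "time-exceeded",
    [ICMP_PARAMETERPROB]  = "parameter-problem",
    [ICMP_TIMESTAMP]      = "timestamp-request",
    [ICMP_TIMESTAMPREPLY] = "timestamp-reply",
    [ICMP_INFO_REQUEST]   = "info-request",
    [ICMP_INFO_REPLY]     = "info-reply",
    [ICMP_ADDRESS]        = "address-mask-request",
    [ICMP_ADDRESSREPLY]   = "address-mask-reply",
};

/* The bit for one ICMP type: 2^type, or 0 for a type outside the table. */
uint32_t icmp_mask_bit(int type)
{
    return (type >= 0 && type <= NR_ICMP_TYPES) ? (1u << type) : 0u;
}

uint32_t icmp_mask_add(uint32_t mask, int type)    { return mask | icmp_mask_bit(type); }
uint32_t icmp_mask_remove(uint32_t mask, int type) { return mask & ~icmp_mask_bit(type); }
int      icmp_mask_has(uint32_t mask, int type)    { return (mask & icmp_mask_bit(type)) != 0; }

/* Default named in the quoted article: dest-unreach, source-quench,
 * time-exceeded and parameter-problem, i.e. 8 + 16 + 2048 + 4096 = 6168. */
uint32_t icmp_default_mask(void)
{
    uint32_t m = 0;
    m = icmp_mask_add(m, ICMP_DEST_UNREACH);
    m = icmp_mask_add(m, ICMP_SOURCE_QUENCH);
    m = icmp_mask_add(m, ICMP_TIME_EXCEEDED);
    m = icmp_mask_add(m, ICMP_PARAMETERPROB);
    return m;
}

/* Parse the decimal text read from the icmp_ratemask file. Returns -1 for
 * junk, trailing garbage, or a value with bits above NR_ICMP_TYPES set. */
long icmp_mask_parse(const char *text)
{
    char *end;
    unsigned long v = strtoul(text, &end, 10);
    if (end == text)
        return -1;
    while (*end == ' ' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')
        return -1;
    if (v > ((1ul << (NR_ICMP_TYPES + 1)) - 1))
        return -1;
    return (long)v;
}

/* Write a comma separated list of the types set in mask into buf.
 * Returns how many types are set; buflen must be at least 1. */
int icmp_mask_describe(uint32_t mask, char *buf, size_t buflen)
{
    int count = 0;
    size_t used = 0;
    if (buflen == 0)
        return -1;
    buf[0] = '\0';
    for (int t = 0; t <= NR_ICMP_TYPES; t++) {
        if (!icmp_mask_has(mask, t))
            continue;
        const char *name = icmp_type_names[t] ? icmp_type_names[t] : "unassigned";
        int n = snprintf(buf + used, buflen - used, "%s%s", count ? "," : "", name);
        if (n < 0 || (size_t)n >= buflen - used)
            used = buflen - 1;          /* truncated: keep counting, stop writing */
        else
            used += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    char names[256];
    const char *from_proc = "6168\n";   /* constructed stand-in for the file contents */
    long cur = icmp_mask_parse(from_proc);
    uint32_t m = (uint32_t)cur;
    icmp_mask_describe(m, names, sizeof names);
    printf("current mask %ld = 0x%04lx: %s\n", cur, cur, names);
    m = icmp_mask_add(m, ICMP_REDIRECT);
    m = icmp_mask_add(m, ICMP_ECHOREPLY);
    m = icmp_mask_add(m, ICMP_ECHO);
    icmp_mask_describe(m, names, sizeof names);
    printf("new mask %u = 0x%04x: %s\n", m, m, names);
    return 0;
}
```

The parse step matters because the file holds a plain decimal, so a typo like 61680 silently enables bits that correspond to no ICMP type; rejecting anything above 2^19 - 1 before writing it back catches that.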

