Rate limiting icmp host unreachable replies?
From: Andre Oppermann (andre_at_freebsd.org)
Date: 01/22/04
- Previous message: Randall R. Stewart (home): "Re: Multihomed UDP server"
- Next in thread: Mike Silbersack: "Re: Rate limiting icmp host unreachable replies?"
- Reply: Mike Silbersack: "Re: Rate limiting icmp host unreachable replies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 22 Jan 2004 19:28:47 +0100
To: freebsd-net@freebsd.org
I have a FreeBSD router here that has many networks connected to it which
are only sparsely populated. These days I get network scans (deliberate and
worms scanning for new targets) every second or so going through every IP in
my netblocks. The router is faithfully generating ICMP host unreachable replies
to all these scans for each and every unreachable destination IP.
I wonder whether it is justifiable to rate limit the ICMP host unreachable replies
just like the other ICMP stuff to 200 (default) per second? Should help a lot if
the next SQL slammer is coming around and you get thousands of packets per second
for unreachable destinations.
Comments and opinions welcome!
PS: I've already coded it and it works nicely.
-- Andre
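A minimal per-second limiter of the kind the post describes, added here as an illustration and not Andre's patch or FreeBSD code; the struct and function names are assumptions, and time is simulated in whole seconds rather than read from the kernel clock.

```c
/* Added example: a packets-per-second check in the spirit of the kernel's
 * per-second ICMP limits, applied to simulated ICMP host unreachable replies.
 * The names below are assumptions; the clock is passed in as whole seconds. */
#include <stdio.h>
#include <stdbool.h>

#define ICMP_UNREACH_LIMIT 200  /* replies per second, the default the post mentions */

struct ratelimit {
    long window_start;  /* start of the current one-second window (seconds) */
    int  count;         /* replies already sent in this window */
    long suppressed;    /* replies dropped by the limiter (worth logging) */
};

/* Returns true if a reply may be sent at time `now` (seconds), false if it is dropped. */
bool icmp_unreach_ratecheck(struct ratelimit *rl, long now, int maxpps)
{
    if (now != rl->window_start) {  /* a new second: open a fresh window */
        rl->window_start = now;
        rl->count = 0;
    }
    if (rl->count < maxpps) {
        rl->count++;
        return true;
    }
    rl->suppressed++;
    return false;
}

/* Simulate `pkts` probes for unreachable hosts arriving in the same second and
 * return how many ICMP host unreachable replies the router would actually emit. */
int replies_emitted_for_burst(long second, int pkts, int maxpps, struct ratelimit *rl)
{
    int sent = 0;
    for (int i = 0; i < pkts; i++)
        if (icmp_unreach_ratecheck(rl, second, maxpps))
            sent++;
    return sent;
}

int main(void)
{
    struct ratelimit rl = { -1, 0, 0 };
    /* constructed scenario: a worm-style burst of 5000 probes in second 0, then 50 in second 1 */
    printf("second 0: %d replies sent\n", replies_emitted_for_burst(0, 5000, ICMP_UNREACH_LIMIT, &rl));
    printf("second 1: %d replies sent\n", replies_emitted_for_burst(1, 50, ICMP_UNREACH_LIMIT, &rl));
    printf("suppressed total: %ld\n", rl.suppressed);
    return 0;
}
```

With the 200/s cap, the 5000-probe second produces 200 replies and 4800 suppressed, while the quiet second still gets all 50 of its replies answered.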