Re: Rate limiting icmp host unreachable replies?

From: Mike Silbersack (silby_at_silby.com)
Date: 01/22/04

  • Next message: Andre Oppermann: "Re: Rate limiting icmp host unreachable replies?"
    Date: Thu, 22 Jan 2004 13:02:59 -0600 (CST)
    To: Andre Oppermann <andre@freebsd.org>
    
    

    On Thu, 22 Jan 2004, Andre Oppermann wrote:

    > I'm having a FreeBSD router here that has many networks connected to it which
    > are only sparsely populated. These days I get network scans (deliberate and
    > worms scanning for new targets) every second or so going through every IP in
    > my netblocks. The router is faithfully generating ICMP host unreachable replies
    > to all these scans for each and every unreachable destination IP.
    >
    > I wonder whether it is justifiable to rate limit the icmp host unreachable replies
    > just like the other icmp stuff to 200 (default) per second? Should help a lot if
    > the next SQL slammer is coming around and you get thousands of packets per second
    > for unreachable destinations.
    >
    > Comments and opinions welcome!

    I like this a lot, and I would be willing to write up an implementation!

    > PS: I've already coded it and it works nicely.
    >
    > --
    > Andre

    Doh! Well, I guess we'll just have to go with your implementation then.
    :)

    Mike "Silby" Silbersack
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
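
The limit proposed in the quoted message, sketched as an added example (not part of the original e-mail and not the implementation Andre mentions): a fixed one-second window that allows at most 200 ICMP host unreachable replies and counts what it suppresses. The struct, the function names and the simulated load are hypothetical; only the 200 per second figure comes from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limiter state; names are illustrative, not FreeBSD's. */
struct pps_limit {
    int64_t  window_start;  /* second in which the current window began */
    uint32_t sent;          /* replies allowed in this window */
    uint32_t suppressed;    /* replies dropped in this window */
    uint32_t max_pps;       /* budget per second (200 in the thread) */
};

/* Returns 1 if a host unreachable reply may be sent at time `now`
 * (whole seconds), 0 if it must be suppressed. */
int unreach_allow(struct pps_limit *l, int64_t now)
{
    if (now != l->window_start) {   /* new second or clock step: reset */
        l->window_start = now;
        l->sent = 0;
        l->suppressed = 0;
    }
    if (l->sent < l->max_pps) {
        l->sent++;
        return 1;
    }
    l->suppressed++;                /* over budget: drop silently, but count */
    return 0;
}

/* Feed `pkts` probes for unreachable hosts that all arrive within second
 * `now`; returns the number of replies actually generated. */
uint32_t simulate_burst(struct pps_limit *l, int64_t now, uint32_t pkts)
{
    uint32_t replies = 0;
    for (uint32_t i = 0; i < pkts; i++)
        replies += (uint32_t)unreach_allow(l, now);
    return replies;
}

int main(void)
{
    struct pps_limit l = { .window_start = -1, .max_pps = 200 };
    /* Constructed load: a worm-style burst, then a quiet second. */
    printf("burst of 5000: %u replies\n", (unsigned)simulate_burst(&l, 0, 5000));
    printf("suppressed:    %u\n", (unsigned)l.suppressed);
    printf("next second, 50 probes: %u replies\n", (unsigned)simulate_burst(&l, 1, 50));
    return 0;
}
```

The suppressed counter is worth exporting or logging once per window: a sustained non-zero value is itself a signal that the router is being swept.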

