Re: New ICMP limits

From: Andre Oppermann (andre_at_freebsd.org)
Date: 12/08/04

    Date: Wed, 08 Dec 2004 15:53:07 +0100
    To: Michal Mertl <mime@traveller.cz>
    
    

    Michal Mertl wrote:
    >
    > Hello,
    >
    > I think some network administrators may want to set a different maximum rate
    > for different types of ICMP replies. Currently the limit
    > net.inet.icmp.icmplim is enforced independently for the following cases -
    > ICMP echo-reply, ICMP timestamp reply, ICMP port unreachable (generated as a
    > response to a packet received on a UDP port with no listening application).
    > It's in addition a bit misused (or at least misnamed) for limiting sending
    > of TCP reset packets on closed and open ports.
    >
    > Andre Oppermann wrote a patch which adds support for limiting the sending of
    > ICMP host unreachable messages. These are generated by a router when it
    > can't send the packet to the destination, such as when it's about to send to
    > an unused IP address on a directly connected network.

    Michael,

    I'll take care of this but I'm busy right now. Look into it later this week.

    -- 
    Andre
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
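
The behaviour described in the quoted mail, as an added example that is not part of the original thread and not FreeBSD's code: a per-second limiter that keeps an independent counter for each reply case, first with one shared limit and then with a separate limit for one case. The enum names, the values 200 and 50, and the `<= 0` convention are assumptions of this example.

```c
#include <stdio.h>

/* The five cases named in the mail; the enum names are this example's own. */
enum cat { CAT_ECHO, CAT_TSTAMP, CAT_UNREACH_PORT, CAT_RST_CLOSED, CAT_RST_OPEN, CAT_MAX };

struct limiter {
    int  limit[CAT_MAX];   /* replies per second; <= 0 means no limiting (example convention) */
    long sec[CAT_MAX];     /* second the current window belongs to */
    int  count[CAT_MAX];   /* replies already sent in that second */
};

/* Start with one shared value for every case, like a single icmplim setting. */
void limiter_init(struct limiter *l, int shared) {
    for (int i = 0; i < CAT_MAX; i++) {
        l->limit[i] = shared;
        l->sec[i] = -1;
        l->count[i] = 0;
    }
}

/* Return 1 if a reply of case c may be sent at time now (in seconds), else 0. */
int limiter_allow(struct limiter *l, enum cat c, long now) {
    if (l->limit[c] <= 0) return 1;
    if (l->sec[c] != now) { l->sec[c] = now; l->count[c] = 0; }  /* new window */
    if (l->count[c] >= l->limit[c]) return 0;                     /* over the limit */
    l->count[c]++;
    return 1;
}

/* Offer n replies of case c within one second; return how many are sent. */
int offer(struct limiter *l, enum cat c, long now, int n) {
    int sent = 0;
    for (int i = 0; i < n; i++) sent += limiter_allow(l, c, now);
    return sent;
}

int main(void) {
    struct limiter l;
    limiter_init(&l, 200);                    /* constructed value */
    printf("echo=%d unreach=%d\n", offer(&l, CAT_ECHO, 0, 500),
           offer(&l, CAT_UNREACH_PORT, 0, 500));
    l.limit[CAT_ECHO] = 50;                   /* hypothetical per-type limit */
    printf("echo=%d tstamp=%d\n", offer(&l, CAT_ECHO, 1, 500),
           offer(&l, CAT_TSTAMP, 1, 500));
    return 0;
}
```

With the shared limit, a burst of one reply type does not consume the budget of another; the per-type override changes only the case it is set for.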
    
