Re: ICMP-floods
- From: Chuck Swiger <cswiger@xxxxxxx>
- Date: Tue, 20 Mar 2007 15:47:59 -0700
On Mar 20, 2007, at 3:31 PM, Jon Otterholm wrote:
Basically I have a admin-net where all routers and switches are
connected. On this net I have a nagios-machine for surveillance (running
FreeBSD). Sometimes when my Nagios sends icmp-echo-replies to equipment
on my admin-net my FreeBSD-routers replies with a icmp-redirect (even
though the echo-reply is not destined for the routers). This wouldn't be
a problem if the routers would just send a single icmp-redirect, the
problem is that they (sometimes more than one) send out about 15000 of
them in reply to a single echo.
All FreeBSD-machines are 6.2-RELEASE
When setting net.inet.ip.redirect=0 on my routers, the icmp-redirects
disappear, but instead I get a large amount of ICMP-time-exceed from my
routers.
The information you've provided strongly suggests either problems with the netmasks being used, or a routing loop, or some combination of both. ICMP time-exceeded messages happen when the packets have been shuffled around, decrementing the TTL at each hop, until it reaches zero. ICMP redirects happen when a machine sends traffic to a router where the router knows that the sending machine can reach the intended destination more directly via some other path.
--
-Chuck
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- References:
- ICMP-floods
- From: Jon Otterholm
- ICMP-floods
- Prev by Date: ICMP-floods
- Next by Date: Re: ICMP-floods
- Previous by thread: ICMP-floods
- Next by thread: Re: ICMP-floods
- Index(es):
Relevant Pages
|
|
