icmp-response bandwidth limit 300/200 pps
发表于:2007-07-01来源:作者:点击数:
标签:
This is the kernel telling you that some activity is provoking it to send more ICMP or TCP reset (RST) responses than it thinks it should. ICMP responses are often generated as a result of attempted connections to unused UDP ports. TCP rese
This is the kernel telling you that some activity is provoking it to send more ICMP or TCP reset (RST) responses than it thinks it should. ICMP responses are often generated as a result of attempted connections to unused UDP ports. TCP resets are generated as a result of attempted connections to unopened TCP ports. Among others, these are the kinds of activities which may cause these messages:
Brute-force denial of service (DoS) attacks (as opposed to single-packet attacks which exploit a specific vulnerability).
Port scans which attempt to connect to a large number of ports (as opposed to only trying a few well-known ports).
The first number in the message tells you how many packets the kernel would have sent if the limit
wasn@#t in place, and the second number tells you the limit. You can control the limit using the
.net.inet.icmp.icmplim sysctl variable like this, where 300 is the limit in packets per second:
# sysctl -w net.inet.icmp.icmplim=300
If you don@#t want to see messages about this in your log files, but you still want the kernel to do response limiting, you can use the net.inet.icmp.icmplim_output sysctl variable to disable the output like this:
# sysctl -w net.inet.icmp.icmplim_output=0
Finally, if you want to disable response limiting, you can set the net.inet.icmp.icmplim sysctl variable (see above for an example) to 0. Disabling response limiting is discouraged for the reasons listed above.
原文转自:http://www.ltesting.net