Hi, I am running freebsd 4.4
I am getting this error
www /kernel: Limiting icmp unreach response from 537 to 200 pack

I just added a some new ips(different class)

My download from the server now is extremely slow also.

would this be the cause of this?


Thanks

you shouldn't be getting 500+ pps of icmp unreachable. i hesitate to suggest that you might be under attack (which also explains why your machine is now slow...)

perhaps those new ips that you added were already being packeted.

Yeah thats what we came to conclude that is was being attacked. After about 4 hours it was back to normal, funny thing is thou my mrtg graphs look normal the whole time. Do these attacks not waste any bw? and just hamper the nic?
Thanks

Originally posted by Dilhole
Yeah thats what we came to conclude that is was being attacked. After about 4 hours it was back to normal, funny thing is thou my mrtg graphs look normal the whole time. Do these attacks not waste any bw? and just hamper the nic?
Thanks


I had something like that before. "Source Quench" was the message I woud get when I tryed to ping it. It wouldn't even serve webpages. The guy hit my server for 3 days. Then he stopped for some reason. I think he was the hacker that got into my system. I ended up getting paranoid and disabling ftp and telnet.

Originally posted by ClusterMania

... I ended up getting paranoid and disabling ftp and telnet.


Stay paranoid and keep telnet disabled. Use ssh instead.

If you can, switch ftp to a different port than 21. I moved my proFTP server to a different port, and now I get zero probes on the new ftp port. Note that you can do this only if all the people who use your ftp server also reconfig their ftp clients to use the new port (most ftp clients allow for this). You can also use the sftp feature of ssh.