| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Mar 2007 09:44:43 -0700
From: Rick Jones <rick.jones2@...com>
To: Luis Carlos Cobo Rus <luiscarlos@...il.com>
Cc: Netdev List <netdev@...r.kernel.org>
Subject: Re: ping DOS avoidance?
I was just asked about something not too different, involving IIRC
tnsping. It got me to looking at ip_sysctl.txt which has:
icmp_ratelimit - INTEGER
Limit the maximal rates for sending ICMP packets whose type
matches icmp_ratemask (see below) to specific targets.
0 to disable any limiting, otherwise the maximal rate in
jiffies(1)
Default: 100
icmp_ratemask - INTEGER
Mask made of ICMP types for which rates are being limited.
Significant bits: IHGFEDCBA9876543210
Default mask: 0000001100000011000 (6168)
Bit definitions (see include/linux/icmp.h):
0 Echo Reply
3 Destination Unreachable *
4 Source Quench *
5 Redirect
8 Echo Request
B Time Exceeded *
C Parameter Problem *
D Timestamp Request
E Timestamp Reply
F Info Request
G Info Reply
H Address Mask Request
I Address Mask Reply
* These are rate limited by default (see default mask above)
(I've always been used to masks being specified as hex values)
rick jones
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists