From: Mike Silbersack (silby_at_silby.com)
Date: Tue Jan 21 2003 - 10:48:58 CST

    On Tue, 21 Jan 2003, Martin McCormick wrote:

    > On rare occasions, a FreeBSD system in our network has
    > been known to print the example shown in the subject at a furious
    > rate for a short time and then things get back to normal.
    >
    > Is that what the effects of a ping flood look like?
    >
    > On one system running bind9, the named process died after
    > the syslog message said that packets had reached 243 per second,
    > but I was able to restart it within seconds of its crash.
    > Only the named process crashed, not the system.
    >
    > Any ideas as to what this is?
    >
    > Martin McCormick WB5AGZ Stillwater, OK
    > OSU Center for Computing and Information Services Network Operations Group

    This is not a ping flood, as others have reported. ICMP unreach packets
    are sent in response to incoming UDP packets to a port which has no
    service running on it.

    Here's what's happening:

    1. BIND crashes.
    2. DNS requests keep coming in, at a rate of 231 per second.
    3. FreeBSD limits the number of icmp unreach responses, and tells you.
    4. You restart BIND, and messages go away.

    I can't answer why step #1 occurred, but I can assure you that #2 through
    #4 are natural results of #1, and are nothing to worry about.

    Mike "Silby" Silbersack

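Added example, not part of the original thread: a small log check that groups the kernel's ICMP unreach rate-limit messages into bursts, so each burst's start and end approximate when a UDP service such as named stopped listening and when it came back. The message format is an assumption based on the FreeBSD kernel's rate-limit notice (the page does not reproduce the subject line), and the log lines, hostnames and rates are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed kernel message shape; the page does not reproduce the subject line.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S*kernel: "
    r"Limiting icmp unreach response from (?P<seen>\d+) to (?P<limit>\d+) packets"
)

def unreach_bursts(lines, year=2003, gap=timedelta(seconds=5)):
    """Group ICMP-unreach rate-limit messages into per-host bursts.

    A burst approximates the window in which a UDP service was not listening:
    it starts at the first message and ends once `gap` passes with none.
    """
    bursts, open_burst = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unrelated lines, including TCP RST rate limiting
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen, host = int(m["seen"]), m["host"]
        cur = open_burst.get(host)
        if cur and ts - cur["end"] <= gap:
            cur["end"] = ts
            cur["peak"] = max(cur["peak"], seen)
            cur["messages"] += 1
        else:
            cur = {"host": host, "start": ts, "end": ts, "peak": seen,
                   "limit": int(m["limit"]), "messages": 1}
            open_burst[host] = cur
            bursts.append(cur)
    return bursts

# Constructed sample log: hostnames, times and rates are made up.
SAMPLE = [
    "Jan 21 09:14:02 ns1 /kernel: Limiting icmp unreach response from 231 to 200 packets per second",
    "Jan 21 09:14:03 ns1 /kernel: Limiting icmp unreach response from 243 to 200 packets per second",
    "Jan 21 09:14:03 ns2 /kernel: Limiting closed port RST response from 310 to 200 packets per second",
    "Jan 21 09:14:04 ns1 /kernel: Limiting icmp unreach response from 238 to 200 packets per second",
    "Jan 21 11:30:10 ns1 /kernel: Limiting icmp unreach response from 205 to 200 packets per second",
]

if __name__ == "__main__":
    for b in unreach_bursts(SAMPLE):
        secs = int((b["end"] - b["start"]).total_seconds())
        print(f"{b['host']}: {b['start']} for {secs}s, peak {b['peak']}/s "
              f"(limit {b['limit']}), {b['messages']} messages")
```

A burst that lines up with a daemon restart matches the sequence described in the reply; one with no matching outage is worth checking against what is sending UDP to a port with no listener.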