
ICMP Ratelimit

* I had a problem where running mtr (GUI traceroute) through a Linux router would show packet loss on the first hop, the Linux router.

It turned out that the Linux kernel, as part of its network protection, rate-limits the ICMP messages it sends, to prevent denial of service (DoS) attacks. Traceroute-style tools depend on the router answering with ICMP Time Exceeded, and that type is rate-limited by default, so some replies are simply never sent and mtr counts them as loss.

The settings:

  /proc/sys/net/ipv4/icmp_ratelimit
  /proc/sys/net/ipv4/icmp_ratemask
  • ratelimit is the minimum spacing between ICMP packets sent to one target. 0 disables the limit entirely (all packets allowed); a lower value allows more packets. Older kernels count it in jiffies (this note lists a default of 250 on the kernel it was written against); current kernels document it in milliseconds with a default of 1000, so check Documentation/networking/ip-sysctl.txt for the kernel you run.
  • ratemask is a bitmask of the ICMP types that are rate-limited: bit n (2^n) selects ICMP type n. The kernel default of 6168 (= 2^3 + 2^4 + 2^11 + 2^12) covers Destination Unreachable (3), Source Quench (4), Time Exceeded (11) and Parameter Problem (12), which is why traceroute replies are affected.
    • The type numbers are defined in the Linux header file include/linux/icmp.h.
    • Newer kernels also apply a global limit through net.ipv4.icmp_msgs_per_sec and net.ipv4.icmp_msgs_burst, so clearing a bit in the ratemask alone may not remove all of the loss.

    <!> An attacker could cause a correctly operating host or router to flood a victim with ICMP replies by sending it packets that generate replies back to the (forged) source address of the victim. It is important in some cases to send such replies, but hardly ever important to generate them at a very high rate.
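The following script is an added example, not part of the original wiki page. It decodes an icmp_ratemask value into the ICMP types it covers (bit numbers as in include/linux/icmp.h), checks whether Time Exceeded (type 11, the reply traceroute and mtr rely on) is limited, and computes the mask that exempts it. The helper names (icmp_type_name, ratemask_decode, ratemask_has, ratemask_without) are mine; the kernel default of 6168 is from Documentation/networking/ip-sysctl.txt. The live read of /proc/sys/net/ipv4 only runs where those files exist.

```shell
#!/bin/sh
# Added example (not from the original page): decode and adjust the
# icmp_ratemask bitmask. Bit N of the mask <-> ICMP type N, as in
# include/linux/icmp.h. Helper names below are this example's own.

# Map an ICMP type number to its include/linux/icmp.h name.
icmp_type_name() {
    case "$1" in
        0)  echo "ICMP_ECHOREPLY" ;;
        3)  echo "ICMP_DEST_UNREACH" ;;
        4)  echo "ICMP_SOURCE_QUENCH" ;;
        5)  echo "ICMP_REDIRECT" ;;
        8)  echo "ICMP_ECHO" ;;
        11) echo "ICMP_TIME_EXCEEDED" ;;
        12) echo "ICMP_PARAMETERPROB" ;;
        13) echo "ICMP_TIMESTAMP" ;;
        14) echo "ICMP_TIMESTAMPREPLY" ;;
        15) echo "ICMP_INFO_REQUEST" ;;
        16) echo "ICMP_INFO_REPLY" ;;
        17) echo "ICMP_ADDRESS" ;;
        18) echo "ICMP_ADDRESSREPLY" ;;
        *)  echo "type_$1" ;;
    esac
}

# Print, one per line ("<type> <name>"), the ICMP types limited by mask $1.
ratemask_decode() {
    mask=$1
    t=0
    while [ "$t" -le 18 ]; do
        if [ $(( (mask >> t) & 1 )) -eq 1 ]; then
            echo "$t $(icmp_type_name "$t")"
        fi
        t=$((t + 1))
    done
}

# Succeed (exit 0) if ICMP type $2 is rate-limited under mask $1.
ratemask_has() {
    [ $(( ($1 >> $2) & 1 )) -eq 1 ]
}

# Print mask $1 with the bit for ICMP type $2 cleared.
ratemask_without() {
    echo $(( $1 & ~(1 << $2) ))
}

# Kernel default from Documentation/networking/ip-sysctl.txt:
# 6168 = bits 3, 4, 11, 12.
DEFAULT_RATEMASK=6168

# Live check, only on a Linux host that exposes the sysctls.
if [ -r /proc/sys/net/ipv4/icmp_ratemask ]; then
    cur=$(cat /proc/sys/net/ipv4/icmp_ratemask)
    echo "icmp_ratelimit=$(cat /proc/sys/net/ipv4/icmp_ratelimit)"
    echo "icmp_ratemask=$cur, rate-limited types:"
    ratemask_decode "$cur"
    if ratemask_has "$cur" 11; then
        echo "Time Exceeded is rate-limited: traceroute/mtr hops through this box can show loss."
        echo "To exempt it: sysctl -w net.ipv4.icmp_ratemask=$(ratemask_without "$cur" 11)"
    fi
fi
```

With the default mask, ratemask_without 6168 11 yields 4120, which still limits Destination Unreachable, Source Quench and Parameter Problem but lets Time Exceeded through at full rate. Before applying that on a router, weigh it against the warning above: an exempted type can be amplified against a forged source address, so exempting only what you need (or raising the limit instead of removing it) is the safer choice.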

...


CategoryLinux

linux/icmpratelimit (last edited 2009-05-05 21:16:13 by PieterSmit)