From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Sep  4 09:25:02 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id JAA53295;
	Mon, 4 Sep 2000 09:25:02 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from hitpro.hitachi.co.jp (root@hitpro.hitachi.co.jp [133.145.224.7])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id JAA53288
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 4 Sep 2000 09:25:01 +0900 (JST)
	(envelope-from karasu@hinet.co.jp)
Received: from hgw.hinet.co.jp by hitpro.hitachi.co.jp (8.9.3/3.7W-hitpro) id JAA06543; Mon, 4 Sep 2000 09:25:00 +0900 (JST)
Received: from eucharis.scu.hinet.co.jp ([192.168.12.232])
	by hgw.hinet.co.jp (8.9.1a+3.1W/3.7W/HINET-2) with ESMTP id JAA09363
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 4 Sep 2000 09:24:19 +0900 (JST)
Date: Mon, 04 Sep 2000 09:24:19 +0900
Message-ID: <6twvgt57ik.wl@eucharis.scu.hinet.co.jp>
From: =?ISO-2022-JP?B?GyRCMSg7MxsoQiAbJEJNOkJnGyhC?= <karasu@hinet.co.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: In your message of "Sat, 2 Sep 2000 10:15:30 +0900 (JST)"
	<200009020115.e821FUX06548@muse.hans.or.jp>
References: <200009010504.e8154mp29914@muse.hans.or.jp>
	<6t4s40comq.wl@eucharis.scu.hinet.co.jp>
	<200009020115.e821FUX06548@muse.hans.or.jp>
User-Agent: Wanderlust/1.1.0 (Overjoyed) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) MULE/2.3 (SUETSUMUHANA) (based on Emacs 19.34)
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 54791
Subject: [FreeBSD-users-jp 54791] Re: About icmp-response bandwidth limit 124/100 pps
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: karasu@hinet.co.jp


$B1(;3!w(BHINET$B$G$9(B

At Sat, 2 Sep 2000 10:15:30 +0900 (JST),
shin@hans.or.jp (Teruhiko Shinmura) wrote:

> K>  icmp$B$KBP$9$k1~Ez$,C10L;~4VEv$?$jogCM$r1[$($k$HH/@8$7$^$9(B
> 
> $B$=$&$J$s$G$9$+!#(B
> $B$3$l$ODL>o$N1?MQ$G$h$/H/@8$9$k$h$&$J0lHLE*$J$b$N$G$7$g$&$+(B?

 $B$&!<$s!"!XDL>o$N1?MQ!Y$H$$$&$N$,Hs>o$K<g4QE*$J$N$G!"$I$&$H$b8@$($^$;(B
 $B$s$,!">/$J$/$H$b2q<R$NIt$d3X9;$N8&5f<<$N(Bfile server$B$H$+$G(B
 $B$3$l$,=P$F$?$i!"30It$h$jFbIt$N0-?M$rC5$;$C$F5$$,$7$^$9(B :-)

> K> net.inet.icmp.icmplim: 100
> K> $B$C$F=P$F$/$k$H;W$$$^$9(B
> 
> $B$O$$!"=P$^$7$?!#(B

 $B$D$$$G$K(B get$B$N=j$r(Bset$B$K$7$F(B 100$B$r(B200$B$H$+$K$9$k$H(Blimit$B$b(B200$B$K$J$j$^$9(B
 $B$,!":,K\E*2r7h$K$O$J$i$J$$$G$9$M(B.
 $B$D$$$G$K$$$i$sBS0h;H$&$N$G!"%l%9%]%s%9$,Mn$A$k!)(B

> K> UDP $B$N(B port scan$B$r<u$1$k$H=P$k$H;W$$$^$9(B
> 
> $B$=$&$J$s$G$9$+!#(B
> $B$d$C$Q$j%]!<%H%9%-%c%s$H4X78$,$"$C$?$N$G$9$M!#(B
> $B$3$N$h$&$J%"%?%C%/$N0l<o$r$5$l$?>l9g$KBP=h$9$kJ}K!$O2?$+$"$j$^$9$+(B?

 $B$=$3$O!"1?MQJ}?K$r$I$&$9$k$+$K$h$C$F0c$&$N$G0l35$K$O8@$($^$;$s(B
 icmp_err$B$rJV$9$b$NA4HL$G=P$k$O$:!#(B
 
 $B@)8B$7$F$$$k$@$1$J$N$G!"(Blog$B$,=P$k;v$5$(5$$K$7$J$1$l$P(B
 $BLdBjL5$$$H$b8@$($^$9!#(B
 ($B$J$s$G=P$k$+$rCV$$$F$*$/$N$O4m81$G$9$,(B)

 $B0lHLE*$J2r7hK!(B $B$H8@$($k$+$I$&$+$O(B $B$*$$$H$$$F(B

 $B2DG=$J$i>eN.$N%k!<%?$b$7$/$O%U%!%$%"%&%)!<%k$G(BICMP$B$X$NJV;v$r(B
 drop$B$9$k$H$+$GBP=h$G$-$^$9(B
 ($BIi2Y$,$=$C$A$K0\$k$@$1$G$9$1$I(B)

> $B%+!<%M%k%3%s%Q%$%k$G;XDj$9$k!"(B
> options		"ICMP_BANDLIM"
> $B$H4X78$,$"$j$^$9$G$7$g$&$+(B?

 /usr/src/sys/i386/conf/LINT $B$K(B

# ICMP_BANDLIM enables icmp error response bandwidth limiting.   You
# typically want this option as it will help protect the machine from
# D.O.S. packet attacks.

$B$H=q$$$F$"$k$h$&$K!"M>7W$JIi2Y$r$+$1$J$$0Y$N@_Dj$N$h$&$G$9!#(B

> $B:G6a$N(B 4.1R $B$@$H(B rc.conf $B$G2?$d$i@_Dj$G$-$k$h$&$J46$8$G$9!#(B

 $B$=$&$J$s$G$9$+!)(B 4.1$B$O$$$l$F$J$$$N$G$o$+$j$^$;$s(B
 $B$9$/$J$/$H$b(B4.0$B$K$OL5$$$G$9$M!#(B

> K> nmap$B$,$"$k$J$i(Broot$B$G(B
> 
> nmap $B$O%$%s%9%H!<%k$7$F$$$J$$$N$G$"$j$^$;$s$,!"%F%9%H$7$F$_$?$$$H(B
> $B;W$$$^$9!#(B

 $B$^!"(Bnmap$B$,(BOS$B%$%s%9%H!<%k;~$KI8=`$G$$$l$k(B
 $B%"%W%j$K$J$C$F$k4D6-$H8@$&$N$OHs>o$KFC<l$G$7$g$&(B :-p

 $B%$%s%9%H!<%k$;$:$K(Bcomile$B$7$?%G%#%l%/%H%j$G5/F0$7$F(B
 $B;n$7$?$i!"$5$C$/$j:o=|$9$kJ}$,NI$$$H;W$$$^$9!#(B

----------------------------
($B3t(B)$BF|N)>pJs%M%C%H%o!<%/(B
SC2 $B1(;3M:Bg(B
e-mail:karasu@hinet.co.jp
