On 13 Dec 2016, at 16:24, Michael Butler <imb_at_protected-networks.net> wrote: > > Any hints as to why all of my -current equipment is complaining like below. Somebody is most likely port scanning your machines. I see this all the time on boxes connected to the internet. > Is there a sysctl to moderate/turn this off? > > Dec 13 10:00:01 archive kernel: Limiting icmp unreach response from 1 to 200 packets/sec > Dec 13 10:00:21 archive last message repeated 13 times > Dec 13 10:02:21 archive last message repeated 18 times > Dec 13 10:06:21 archive last message repeated 36 times > Dec 13 10:07:11 archive kernel: Limiting icmp ping response from 1 to 200 packets/sec > Dec 13 10:07:55 archive kernel: Limiting icmp unreach response from 1 to 200 packets/sec > Dec 13 10:08:21 archive last message repeated 17 times > Dec 13 10:08:37 archive kernel: Limiting closed port RST response from 4 to 200 packets/sec > Dec 13 10:09:55 archive kernel: Limiting icmp unreach response from 1 to 200 packets/sec > Dec 13 10:10:21 archive last message repeated 17 times > Dec 13 10:12:21 archive last message repeated 18 times > Dec 13 10:12:28 archive kernel: Limiting icmp ping response from 1 to 200 packets/sec > Dec 13 10:13:55 archive kernel: Limiting icmp unreach response from 1 to 200 packets/sec > Dec 13 10:14:21 archive last message repeated 17 times > Dec 13 10:16:21 archive last message repeated 18 times sysctl net.inet.icmp.icmplim_output=0, or increase the ICMP limit, if you want to help the port scanners. :-) -Dimitry
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC