> Does an alarming amount of "ICMP: failed checksum from xxx.xxx.xxx.xxx"
> necessarily tip off an attempted DoS attack? Are these normal? Should I get
> this message a few times, and then other times a lot?
>
> I think some ruthless Quake players are trying to take down the server by doing
> such a thing..
I've seen two different Linux boxes die horribly (hang) in the past. Last
thing logged: _huge_ amounts of ICMP failed checksums. Kernels were 1.2.13
and 2.0.x respectively.
I notice in a recent vger davem snapshot there were some fixes relating to
proper ICMP size checking upon bad packets. Is this related..????
I've been wondering about this for some time.
Chris