Re: [2.0.x/2.1.x] Lots of ICMP error msgs

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Tue, 30 Sep 1997 11:08:58 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Oliver Teuber: "Hisax ISDN freeze"
Previous message: Richard Guenther: "Re: 2.1.57 /proc problem"
Next in thread: Andi Kleen: "Re: [2.0.x/2.1.x] Lots of ICMP error msgs"
Reply: Andi Kleen: "Re: [2.0.x/2.1.x] Lots of ICMP error msgs"

On Tue, 30 Sep 1997, Aaron Tiensivu wrote:

> Does an alarming amount of "ICMP: failed checksum from xxx.xxx.xxx.xxx"
> necessarily tip off an attempted DoS attack? Are these normal? Should I get
> this message a few times, and then other times a lot?
>
> I think some ruthless Quake players are trying to take down the server by doing
> such a thing..

I've seen two different Linux boxes die horribly (hang) in the past. Last
thing logged: _huge_ amounts of ICMP failed checksums. Kernels were 1.2.13
and 2.0.x respectively.

I notice in a recent vger davem snapshot there were some fixes relating to
proper ICMP size checking upon bad packets. Is this related..????

I've been wondering about this for some time.

Chris

Next message: Oliver Teuber: "Hisax ISDN freeze"
Previous message: Richard Guenther: "Re: 2.1.57 /proc problem"
Next in thread: Andi Kleen: "Re: [2.0.x/2.1.x] Lots of ICMP error msgs"
Reply: Andi Kleen: "Re: [2.0.x/2.1.x] Lots of ICMP error msgs"