Re: rate limiting Re: [SLUG] Ping me please!
On Fri, 2003-08-29 at 00:15, [EMAIL PROTECTED] wrote:
> ** Reply to note from Glen Turner [EMAIL PROTECTED] Thu, 28 Aug 2003 13:39:20 +0930
>
> > Fellas, how about using rate limiting. Linux has marvellous QoS features,
> > enough to allow a few ICMP ECHOs for fault diagnosis but to deny a ping flood.
>
> where/how to do so ?

The rule says if you're coming in at a rate that's less than the limit of 10 per minute, you're accepted. Of course you'd follow it with another rule dropping everything.

iptables -A INPUT -s BADPEOPLE -p icmp --icmp-type echo-request -m limit --limit 10/minute --limit-burst 2 -j ACCEPT

Mike
__
Mike MacCana
Consultant
RHCE, MCSE, MCP+I
Cybersource: Providing Quality IT Professional Services for 11 Years
Specialists in Unix/Linux, TCP/IP and Web Application Development
Level 4, 10 Queen St, Melbourne. Ph : 03 9621 2377 Fax: 03 9621 2477
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
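An added example, not part of the original message: an idealised integer token-bucket model of what `--limit 10/minute --limit-burst 2` in the rule above does to three constructed traffic patterns when a DROP rule follows it. The function names and traffic patterns are assumptions made for illustration, and the kernel's own credit arithmetic differs in detail.

```python
"""Idealised model of the iptables `-m limit` token bucket (added example)."""


def limit_match(arrivals_ms, per_minute=10, burst=2):
    """Return one bool per packet: True if the limit rule would ACCEPT it.

    arrivals_ms: sorted packet arrival times in integer milliseconds.
    Packets marked False fall through to the DROP rule that follows.
    """
    cost = 60_000 // per_minute   # ms of credit one packet consumes (6000 here)
    cap = cost * burst            # bucket never holds more than `burst` packets
    credit = cap                  # the bucket starts full
    last = arrivals_ms[0] if arrivals_ms else 0
    verdicts = []
    for t in arrivals_ms:
        # Refill for the time elapsed since the previous packet, up to the cap.
        credit = min(cap, credit + (t - last))
        last = t
        if credit >= cost:
            credit -= cost
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


def accepted(arrivals_ms, **kw):
    """Number of packets the limit rule lets through."""
    return sum(limit_match(arrivals_ms, **kw))


# Constructed traffic patterns, each covering a 60 second window.
DIAGNOSTIC = list(range(0, 60_000, 10_000))   # one echo request every 10 s
DEFAULT_PING = list(range(0, 60_000, 1_000))  # one echo request per second
FLOOD = list(range(0, 60_000, 1))             # 1000 echo requests per second

if __name__ == "__main__":
    for name, pattern in [("diagnostic", DIAGNOSTIC),
                          ("default ping", DEFAULT_PING),
                          ("flood", FLOOD)]:
        print(f"{name:13s} sent={len(pattern):6d} accepted={accepted(pattern)}")
```

A one-per-second ping and a 1000-per-second flood both get the same handful of replies, so heavy loss on a default ping is expected with this rule. The limit match keeps one bucket per rule rather than per source address, so every sender matched by `-s BADPEOPLE` shares it.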
Re: [SLUG] Ping me please!
David Fisher wrote:
> Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please? I need to test the ICMP block on my router from external ping traffic.

Great, another path MTU discovery black hole, another undiagnosable network.

Fellas, how about using rate limiting. Linux has marvellous QoS features, enough to allow a few ICMP ECHOs for fault diagnosis but to deny a ping flood.

> Note that it's probably not a good idea to block ICMP source quench packets.

Nah, block those suckers. Source Quench is deprecated. The list is

Block
  Obsolete
    Source Quench
    Information Request/Reply
    Datagram Conversion
  Shouldn't cross network boundary
    Address Mask Request/Reply
    Redirect
    Domain Name
    Router Advertisement/Selection

Required for operation (rate limit these to, say, 10% of bandwidth)
  Destination Unreachable
  Time Exceeded
  Security Failure
  Parameter Problem

Required for diagnosis (rate limit these to, say, 1% of bandwidth)
  Echo Request/Reply
  Timestamp Request/Reply

Regards,
Glen

--
Glen Turner, Network Engineer
Tel: (08) 8303 3936 or +61 8 8303 3936
Email: [EMAIL PROTECTED]
Australian Academic Research Network, www.aarnet.edu.au
--
linux.conf.au 2004, Adelaide, lca2004.linux.org.au
Main conference 14-17 January 2004, Miniconfs from 12 Jan
rate limiting Re: [SLUG] Ping me please!
** Reply to note from Glen Turner [EMAIL PROTECTED] Thu, 28 Aug 2003 13:39:20 +0930

> Fellas, how about using rate limiting. Linux has marvellous QoS features,
> enough to allow a few ICMP ECHOs for fault diagnosis but to deny a ping flood.

where/how to do so ?

Voytek Eymont
Re: [SLUG] Ping me please!
seems to be working

#ping 202.12.88.42
PING 202.12.88.42 (202.12.88.42) 56(84) bytes of data.

--- 202.12.88.42 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

[EMAIL PROTECTED]:~$ ping 202.12.88.106
PING 202.12.88.106 (202.12.88.106) 56(84) bytes of data.

--- 202.12.88.106 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

On Tue, 2003-08-26 at 14:26, David Fisher wrote:
> Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please? I need to test the ICMP block on my router from external ping traffic.
> --
> David
>
> Quidquid latine dictum sit, altum sonatur.
Re: [SLUG] Ping me please!
Note that it's probably not a good idea to block ICMP source quench packets.

Andrew McNaughton

On Tue, 26 Aug 2003, Adam Hewitt wrote:

> Date: Tue, 26 Aug 2003 14:30:21 +0800
> From: Adam Hewitt [EMAIL PROTECTED]
> To: David Fisher [EMAIL PROTECTED]
> Cc: SLUG List [EMAIL PROTECTED]
> Subject: Re: [SLUG] Ping me please!
>
> seems to be working
>
> #ping 202.12.88.42
> PING 202.12.88.42 (202.12.88.42) 56(84) bytes of data.
>
> --- 202.12.88.42 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>
> [EMAIL PROTECTED]:~$ ping 202.12.88.106
> PING 202.12.88.106 (202.12.88.106) 56(84) bytes of data.
>
> --- 202.12.88.106 ping statistics ---
> 2 packets transmitted, 0 received, 100% packet loss, time 999ms
>
> On Tue, 2003-08-26 at 14:26, David Fisher wrote:
> > Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please? I need to test the ICMP block on my router from external ping traffic.
> > --
> > David
> >
> > Quidquid latine dictum sit, altum sonatur.

--
No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use.
---
Andrew McNaughton
In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792
http://staff.scoop.co.nz/andrew/cv.doc
Re: [SLUG] Ping me please!
Oops... Sorry Adam... Sending things to the wrong places!

David,

If you are still able to browse the Web, go to: http://www.network-tools.com/ and ping yourself from there!

Edd.

~~~ I'm online, therefore I am! ~~~

Original Message Follows
From: Adam Hewitt [EMAIL PROTECTED]
To: David Fisher [EMAIL PROTECTED]
CC: SLUG List [EMAIL PROTECTED]
Subject: Re: [SLUG] Ping me please!
Date: Tue, 26 Aug 2003 14:30:21 +0800

seems to be working

#ping 202.12.88.42
PING 202.12.88.42 (202.12.88.42) 56(84) bytes of data.

--- 202.12.88.42 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

[EMAIL PROTECTED]:~$ ping 202.12.88.106
PING 202.12.88.106 (202.12.88.106) 56(84) bytes of data.

--- 202.12.88.106 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

On Tue, 2003-08-26 at 14:26, David Fisher wrote:
> Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please? I need to test the ICMP block on my router from external ping traffic.
> --
> David
>
> Quidquid latine dictum sit, altum sonatur.
Re: [SLUG] Ping me please!
On Tue, 26 Aug 2003 16:33, Anthony Wood wrote:
> Probably not the results you were looking for... You should probably post a follow-up to say you don't need any more help either.

You're right. And that is enough, thanks, folks.

--
David

Quidquid latine dictum sit, altum sonatur.