 From:  Bryan Marc Schaubach <omschaub at gmail dot com>
 To:  Rasmus Fauske <rasmus at postboks dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Why I left M0N0Wall
 Date:  Sat, 26 Mar 2005 12:23:19 -0500
> This is not packet loss but freebsd shaping the icmp responses to be
> able to let other requests pass as they should


But this behavior on the LAN side results in the local machine losing
packets... several programs I have used are experiencing this.. I have a
good 5mbit connection and just downloading a lot from the news servers
results in threads giving out because of this 'feature.'  It is one
thing to limit from the WAN side as to prevent a DoS attack.. it is
quite another to limit from the LAN side as to not allow a high threaded
program to get its requests through.  If your ISP and your computer can
handle/generate these requests in accordance with safe specs, then why
does FreeBSD reject this as a DoS attack.. is it not checking for
validity of this sort of behavior?  Of course this is just IMO..


> Limiting icmp ping response from 235 to 200 packets/sec
> Limiting icmp ping response from 236 to 200 packets/sec
> Limiting icmp ping response from 236 to 200 packets/sec
> Limiting icmp ping response from 236 to 200 packets/sec
>
> As you can see this is a standard freebsd message when under DoS attack
> or something like that. (type dmesg in /exec.php to get the logs of this)
>
> -- 
> Rasmus Fauske
>