this is the kernel telling you that some activity is provoking it to send more icmp or tcp reset (rst) responses than it thinks it should. icmp responses are often generated as a result of attempted connections to unused udp ports. tcp resets are generated as a result of attempted connections to unopened tcp ports. among others, these are the kinds of activities which may cause these messages:
brute-force denial of service (dos) attacks (as opposed to single-packet attacks which exploit a specific vulnerability).
port scans which attempt to connect to a large number of ports (as opposed to only trying a few well-known ports).
the first number in the message tells you how many packets the kernel would have sent if the limit wasn't in place, and the second number tells you the limit. you can control the limit using the.net..net.icmp.icmplim sysctl variable like this, where 300 is the limit in packets per second:
# sysctl -w.net..net.icmp.icmplim=300
if you don't want to see messages about this in your log files, but you still want the kernel to do response limiting, you can use the.net..net.icmp.icmplim_output sysctl variable to disable the output like this:
# sysctl -w.net..net.icmp.icmplim_output=0
finally, if you want to disable response limiting, you can set the.net..net.icmp.icmplim sysctl variable (see above for an example) to 0. disabling response limiting is discouraged for the reasons listed above.
Java Asp PHP .Net XML C/C++ CGI VB Jsp J2ee J2se J2me EJB Servlet Tomcat Resin Struts Weblogic Eclipse ANT GUI JMS Web servise IDEA Webphere Hibernate Spring Jboss Applet Swing Socket Javamail Perl Ajax P2P 安全 模式 框架 测试 开源 游戏
Windows XP Windows 2000 Windows 2003 Windows Me Windows 9.x Linux UNIX 注册表 操作系统 服务器 应用服务器
