Date:      Mon, 3 May 1999 16:33:49 -0400 (EDT)
From:      Pat Lynch <lynch@rush.net>
To:        Doug White <dwhite@resnet.uoregon.edu>
Cc:        Fadi Sodah <sodah@qatar.net.qa>, freebsd-questions@FreeBSD.ORG
Subject:   Re: ICMP-attack
Message-ID:  <Pine.BSF.4.05.9905031628510.995-100000@bytor.rush.net>
In-Reply-To: <Pine.BSF.4.03.9905031318470.20321-100000@resnet.uoregon.edu>

Doug, that actually won't work, the only way to make smurfs useless is to
get enough bandwidth to handle the attack, or have your upstream filter
for you, the only thing this solves is DoS on the local net, but any
communication in or out the gateway is still going to be impossible. 

Now if you do this for icmp going out, it will keep people from launching
attacks from your network *but* ICMP is a useful protocol, as I found out
when I blocked icmp, some routers need to tell machines to send smaller
packets, and will send messages to that effect using ICMP, if you are
running a website, this is especially true.

So the real solution is to have every network filter icmp going to
broadcast addresses and filter packets not appearing to come from its own
network, and the select few workstations you want nobody to send icmp
packets out from.

Unfortunately that will never happen, some ISP's network engineers are
clueless and therefore open their networks up to launch attacks from.

-Pat

___________________________________________________________________________

Pat Lynch						lynch@rush.net
Systems Administrator					Rush Networking

"Wow, everyone looks different in Real Life (tm)"-
                                Nathan Dorfman meeting people at FUNY

"Suicide is painless, switching to NT isn't."-
				Unknown

___________________________________________________________________________

On Mon, 3 May 1999, Doug White wrote:

> On Mon, 3 May 1999, Fadi Sodah wrote:
> 
> > What is the best firewall configuration to make smurf 
> > and ICMPs attack useless? 
> 
> deny icmp from any to any
> 
> Doug White                               
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9905031628510.995-100000>
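
The two filtering approaches discussed in this message, compared on a few packets. This is an added example, not part of the original e-mail or of any FreeBSD tool; the network 192.0.2.0/24, the barred workstation 192.0.2.50 and all sample packets are constructed assumptions.

```python
import ipaddress

# Assumed values (documentation address ranges), not taken from the thread.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
NO_ICMP_OUT = {ipaddress.ip_address("192.0.2.50")}  # hosts barred from sending ICMP
BROADCASTS = {LOCAL_NET.broadcast_address, ipaddress.ip_address("255.255.255.255")}

def blanket_deny(pkt):
    """The quoted one-line rule: deny icmp from any to any."""
    return "deny" if pkt["proto"] == "icmp" else "allow"

def selective(pkt):
    """Broadcast, anti-spoofing and per-host ICMP filters; other traffic passes."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if pkt["dir"] == "out" and src not in LOCAL_NET:
        return "deny"  # source address is not from our own network
    if pkt["proto"] == "icmp":
        if dst in BROADCASTS:
            return "deny"  # ICMP aimed at a broadcast address
        if pkt["dir"] == "out" and src in NO_ICMP_OUT:
            return "deny"  # workstation not allowed to send ICMP out
    return "allow"

# Constructed sample packets.
PACKETS = [
    {"name": "echo to broadcast", "dir": "in", "proto": "icmp",
     "src": "203.0.113.9", "dst": "192.0.2.255"},
    {"name": "fragmentation needed", "dir": "in", "proto": "icmp",
     "src": "198.51.100.1", "dst": "192.0.2.10"},
    {"name": "spoofed source leaving", "dir": "out", "proto": "tcp",
     "src": "203.0.113.77", "dst": "198.51.100.20"},
    {"name": "ping from barred host", "dir": "out", "proto": "icmp",
     "src": "192.0.2.50", "dst": "198.51.100.20"},
    {"name": "ping from normal host", "dir": "out", "proto": "icmp",
     "src": "192.0.2.10", "dst": "198.51.100.20"},
]

def compare():
    """Map each packet name to (blanket verdict, selective verdict)."""
    return {p["name"]: (blanket_deny(p), selective(p)) for p in PACKETS}

if __name__ == "__main__":
    for name, (blanket, fine) in compare().items():
        print(f"{name:24} blanket={blanket:5} selective={fine}")
```

The blanket rule drops the router's "send smaller packets" message and lets the spoofed-source packet leave; the selective filters do the opposite on both.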