From owner-freebsd-questions Mon May 3 13:34:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from bytor.rush.net (bytor.rush.net [209.45.245.145])
	by hub.freebsd.org (Postfix) with ESMTP id 9BDC514D23
	for ; Mon, 3 May 1999 13:34:19 -0700 (PDT)
	(envelope-from lynch@rush.net)
Received: from localhost (lynch@localhost)
	by bytor.rush.net (8.9.3/8.9.3) with ESMTP id QAA08085;
	Mon, 3 May 1999 16:33:49 -0400 (EDT)
Date: Mon, 3 May 1999 16:33:49 -0400 (EDT)
From: Pat Lynch
To: Doug White
Cc: Fadi Sodah , freebsd-questions@FreeBSD.ORG
Subject: Re: ICMP-attack
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Doug, that actually won't work. The only way to make smurfs useless is to
get enough bandwidth to handle the attack, or have your upstream filter
for you. The only thing this solves is DoS on the local net, but any
communication in or out the gateway is still going to be impossible.

Now if you do this for ICMP going out, it will keep people from launching
attacks from your network, *but* ICMP is a useful protocol, as I found out
when I blocked ICMP: some routers need to tell machines to send smaller
packets, and will send messages to that effect using ICMP. If you are
running a website, this is especially true.

So the real solution is to have every network filter ICMP going to
broadcast addresses and filter packets not appearing to come from its own
network, and the select few workstations you want nobody to send ICMP
packets out from. Unfortunately that will never happen; some ISPs' network
engineers are clueless and therefore open their networks up to launch
attacks from.

-Pat

___________________________________________________________________________

Pat Lynch                                               lynch@rush.net
Systems Administrator                                   Rush Networking

"Wow, everyone looks different in Real Life (tm)"
        - Nathan Dorfman meeting people at FUNY
"Suicide is painless, switching to NT isn't."
        - Unknown
___________________________________________________________________________

On Mon, 3 May 1999, Doug White wrote:

> On Mon, 3 May 1999, Fadi Sodah wrote:
>
> > What is the best firewall configuration to make smurf
> > and ICMPs attack useless?
>
> deny icmp from any to any
>
> Doug White
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
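
The per-network filtering described in the reply above, written out as ipfw rules in an added example that is not part of the original thread. The interface name, the 192.0.2.0/24 prefix, the host address and the rule numbers are constructed placeholders, and the site is assumed to be a stub network whose addresses (the gateway's included) all fall inside that prefix.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses and the interface name
# are constructed placeholders (192.0.2.0/24 is a documentation prefix).
# Rules are printed for review by default; on a FreeBSD gateway run with
# IPFW="ipfw -q" to load them.
IPFW="${IPFW:-echo ipfw}"

# smurf_filter_rules OIF NET NETADDR BCAST [QUIET_HOST...]
#   OIF        outside interface of the gateway
#   NET        the site's own prefix (stub network, no transit, no NAT assumed)
#   NETADDR    all-zeros host address of NET (old-style broadcast)
#   BCAST      all-ones directed broadcast address of NET
#   QUIET_HOST workstations that should never send ICMP to the outside
smurf_filter_rules() {
    oif="$1"; net="$2"; netaddr="$3"; bcast="$4"
    shift 4

    # 1. Do not act as a smurf amplifier: drop ICMP sent to the broadcast
    #    addresses, so one forged echo request cannot trigger many replies.
    $IPFW add 1000 deny icmp from any to "$bcast"
    $IPFW add 1010 deny icmp from any to "$netaddr"

    # 2. Egress anti-spoofing: nothing leaves with a source address outside
    #    our own prefix, so forged victim addresses cannot originate here.
    $IPFW add 1100 deny ip from not "$net" to any out via "$oif"

    # 3. Selected workstations may not send any ICMP to the outside.
    for host in "$@"; do
        $IPFW add 1200 deny icmp from "$host" to any out via "$oif"
    done

    # 4. Keep the ICMP that routers use to say "send smaller packets":
    #    type 3 (destination unreachable) carries the fragmentation-needed
    #    code that path MTU discovery depends on. This rule matters when
    #    the ruleset's default is deny.
    $IPFW add 1300 allow icmp from any to any icmptypes 3
}

smurf_filter_rules fxp0 192.0.2.0/24 192.0.2.0 192.0.2.255 192.0.2.50
```

These rules keep a network from being used as an amplifier or a spoofing source; as the reply says, they do not protect the link of a site that is itself the target.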