From owner-freebsd-questions Tue May 4 15: 8:17 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (Postfix) with ESMTP id D003C15212 for ; Tue, 4 May 1999 15:08:14 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id PAA23114; Tue, 4 May 1999 15:07:58 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Date: Tue, 4 May 1999 15:07:57 -0700 (PDT)
From: Doug White
To: Pat Lynch
Cc: Fadi Sodah, freebsd-questions@FreeBSD.ORG
Subject: Re: ICMP-attack
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 3 May 1999, Pat Lynch wrote:

> Doug, that actually won't work, the only way to make smurfs useless is to
> get enough bandwidth to handle the attack, or have your upstream filter
> for you, the only thing this solves is DoS on the local net, but any
> communication in or out the gateway is still going to be impossible.

Er? If you filter ICMP at your router, the pings (or whatever) can't reach
their intended target.

If you want to completely foil smurfs on your FreeBSD boxen, set sysctl
net.inet.icmp.bmcastecho=0.

> Now if you do this for icmp going out, it will keep people from launching
> attacks from your network *but* ICMP is a useful protocol, as I found out
> when I blocked icmp, some routers need to tell machines to send smaller
> packets, and will send messages to that effect using ICMP, if you are
> running a website, this is especially true.

Yeah, it breaks MTU Discovery and other actually useful bits. The rule
could be more detailed.

Doug White
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
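
Added example, not part of the original message and not FreeBSD project code: one way the ICMP rule could be made more detailed with ipfw, keeping the error types that Path MTU Discovery depends on while refusing echo requests sent to the broadcast address. The interface name, the 192.0.2.0/24 addresses and the rule numbers are assumed placeholders.

```shell
#!/bin/sh
# Added example: a more detailed ICMP policy for a FreeBSD gateway (ipfw).
# All values below are constructed placeholders, not taken from the thread.
EXT_IF="${EXT_IF:-fxp0}"               # assumed outside interface
LAN_NET="${LAN_NET:-192.0.2.0}"        # assumed network address (TEST-NET-1)
LAN_BCAST="${LAN_BCAST:-192.0.2.255}"  # assumed directed-broadcast address

# Emit the rule set as ipfw commands, one per line, so it can be reviewed
# before anything touches the running firewall.
icmp_rules() {
    # Blanket form the thread warns about (breaks MTU discovery):
    #   ipfw add 1000 deny icmp from any to any
    # Detailed form:
    # 1. Echo requests (type 8) aimed at the broadcast or network address
    #    are dropped at the outside interface, so the LAN never answers them.
    echo "ipfw add 1000 deny icmp from any to ${LAN_BCAST} in via ${EXT_IF} icmptypes 8"
    echo "ipfw add 1010 deny icmp from any to ${LAN_NET} in via ${EXT_IF} icmptypes 8"
    # 2. Error messages hosts need: 3 = destination unreachable (code 4,
    #    "fragmentation needed", drives MTU discovery), 11 = time exceeded,
    #    12 = parameter problem.
    echo "ipfw add 1020 allow icmp from any to any icmptypes 3,11,12"
    # 3. Ordinary unicast ping: echo reply (0) and echo request (8).
    echo "ipfw add 1030 allow icmp from any to any icmptypes 0,8"
    # 4. Every other ICMP type (redirects, timestamp, mask request, ...).
    echo "ipfw add 1040 deny icmp from any to any"
}

# Host-side setting named in the message: do not answer broadcast echo.
host_sysctl() {
    echo "sysctl net.inet.icmp.bmcastecho=0"
}

# Default is a dry run that only prints; APPLY=1 (as root) executes the lines.
if [ "${APPLY:-0}" = "1" ]; then
    icmp_rules | sh -e
    host_sysctl | sh -e
else
    icmp_rules
    host_sysctl
fi
```

Rule order matters because ipfw stops at the first match: the broadcast denies must come before the general echo allow.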