Date: Thu, 30 Oct 2003 13:01:37 +1000 (EST)
From: Andy Farkas <andyf@speednet.com.au>
To: Jarkko Santala <jake@iki.fi>
Cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: Best way to filter "Nachi pings"?
Message-ID: <20031030125537.F61846@hewey.af.speednet.com.au>
In-Reply-To: <20031027120642.A96390@trillian.santala.org>
References: <200310270731.AAA23485@lariat.org> <20031027080240.GA9552@rot13.obsecurity.org> <20031027120642.A96390@trillian.santala.org>
On Mon, 27 Oct 2003, Jarkko Santala wrote:
> On Mon, 27 Oct 2003, Kris Kennaway wrote:
> > On Mon, Oct 27, 2003 at 11:06:52AM +0200, Jarkko Santala wrote:
> > >
> > > Definitely this block-all approach is not sane, it's like if someone
> > > complains about NFS being broken you'd say disable it. Filtering packets
> > > by length on the other hand is a very nice feature to have.
> >
> > As it happens, ipfw[2] does this anyway.
>
> IMHO this is the correct answer that might have been given right away.
So, using IPFW2, a rule to block the nachi ping would look like:
add deny icmp from any to any in icmptypes 8 iplen 92
correct?
--
:{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
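To make the semantics of the proposed rule concrete, here is an added example that is not part of the mailing-list thread and not FreeBSD or ipfw code: a small Python matcher that applies the same test as "icmptypes 8 iplen 92" to raw IPv4 packets, together with constructed sample packets. The "in" direction keyword is not modelled, since that depends on the interface the packet arrives on. The 92-byte figure is the IPv4 total length: 20-byte IP header + 8-byte ICMP header + 64 bytes of echo data. All addresses, payload bytes and helper names below are assumptions made for the example; the rule itself never looks at payload contents, only at the header fields.

```python
"""Added example (not from the thread): apply the test behind the ipfw2 rule

    add deny icmp from any to any in icmptypes 8 iplen 92

to raw IPv4 packets, with constructed packets to exercise it.
"""
import struct

IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

# Rule parameters, mirroring "icmptypes 8 iplen 92".
RULE_ICMP_TYPE = ICMP_ECHO_REQUEST
RULE_IPLEN = 92


def ip_checksum(data: bytes) -> int:
    """Ones-complement checksum over 16-bit big-endian words (RFC 1071).
    Over a header whose checksum field is already filled in, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_packet(src: bytes, dst: bytes, payload: bytes,
                      icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Build an IPv4 packet carrying an ICMP echo message (constructed data).
    Layout: 20-byte IP header, 8-byte ICMP header (type, code, cksum, id, seq),
    then the echo payload."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    total_len = 20 + len(icmp)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, IPPROTO_ICMP, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + icmp


def iplen(packet: bytes) -> int:
    """IPv4 total length field, the value ipfw's "iplen" option compares."""
    return struct.unpack("!H", packet[2:4])[0]


def matches_rule(packet: bytes) -> bool:
    """True if the packet satisfies: IPv4, proto ICMP, ICMP type 8, iplen 92.
    Anything the rule cannot parse (short, non-IPv4, non-ICMP) does not match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP or len(packet) < ihl + 8:
        return False
    return packet[ihl] == RULE_ICMP_TYPE and iplen(packet) == RULE_IPLEN


def classify(packets):
    """Return a list of (label, verdict) pairs, "deny" where the rule matches."""
    return [(label, "deny" if matches_rule(p) else "allow") for label, p in packets]


# Constructed sample traffic (assumed addresses and payloads).
SRC = bytes([192, 0, 2, 10])
DST = bytes([198, 51, 100, 20])
SAMPLES = [
    # 64 bytes of echo data -> iplen 92: the shape the rule is aimed at.
    ("64-byte echo request", build_icmp_packet(SRC, DST, b"\xaa" * 64)),
    # Default FreeBSD ping(8): 56 data bytes -> iplen 84, must pass.
    ("56-byte echo request", build_icmp_packet(SRC, DST, bytes(range(56)))),
    # Same 92-byte length but an echo reply (type 0): not covered by icmptypes 8.
    ("64-byte echo reply", build_icmp_packet(SRC, DST, b"\xaa" * 64, ICMP_ECHO_REPLY)),
]

if __name__ == "__main__":
    for label, verdict in classify(SAMPLES):
        print(f"{label:22s} -> {verdict}")
```

The point the sample set makes is that the rule keys on header fields only: a normal-sized ping or a reply of the same length is left alone, so the rule is narrower than blocking all ICMP echo.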
