From: mike@sentex.net (Mike Tancsa)
To: cschuber@uumail.gov.bc.ca
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SMURF in 2.2.5
Date: Wed, 27 May 1998 23:41:40 GMT
Message-ID: <356ca296.243683658@mail.sentex.net>
References: <199805271623.JAA05578@passer.osg.gov.bc.ca>
In-Reply-To: <199805271623.JAA05578@passer.osg.gov.bc.ca>

On Wed, 27 May 1998 09:22:50 -0700, in sentex.lists.freebsd.misc you wrote:

>What about ipfw? For example, where 123.123.123.0 is your network
>address,
>
>ipfw add deny icmp from 123.123.123.0 to any
>ipfw add deny icmp from 123.123.123.255 to any

You don't really want to disable all ICMP traffic as it will break some
things... If you want to prevent pings from flowing through your
FreeBSD box, you can specify something like

ipfw add 4000 deny log icmp from any to any icmptype 0,8

to stop echo and echo reply...

Also, this does nothing to prevent you from being SMURF attacked.. It
only would help prevent you from being used as a source. Think about
it, if your network is something like

UPSTREAM --------DS1 link ---------your gateway

The flood of packets will traverse your DS1 only to be stopped at
"your gateway".. bye bye DS1 bandwidth...

---Mike
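
Added example, not part of the original message: because the rule in the reply uses `deny log`, the gateway's log still records what reached it over the link, and a short awk pass can separate echo replies converging on one host from echo requests aimed at a network or broadcast address. The log line layout, the function names `smurf_summary` and `sample_log`, the /24 assumption for broadcast addresses and all addresses in the sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed log line layout:
#   ... ipfw: <rule> Deny ICMP:<type>.<code> <src> <dst> ...

smurf_summary() {
    # $1: distinct echo-reply sources needed before a destination is flagged
    awk -v minsrc="${1:-3}" '
    {
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i+2) != "Deny" || $(i+3) !~ /^ICMP:[0-9]+\./) next
        split($(i+3), p, /[:.]/); type = p[2] + 0
        src = $(i+4); dst = $(i+5)
        if (type == 0) {                 # echo reply: flood arriving at a victim
            replies[dst]++
            if (!((dst, src) in seen)) { seen[dst, src] = 1; sources[dst]++ }
        } else if (type == 8 && dst ~ /\.(0|255)$/) {
            bcast[dst]++                 # echo request to a /24 network or broadcast address
        }
    }
    END {
        for (d in replies) if (sources[d] >= minsrc)
            printf "victim %s replies=%d sources=%d\n", d, replies[d], sources[d]
        for (d in bcast)
            printf "bcast-echo %s requests=%d\n", d, bcast[d]
    }' | sort
}

sample_log() {   # constructed log lines, documentation-range addresses only
cat <<'EOF'
May 27 19:38:01 gw /kernel: ipfw: 4000 Deny ICMP:0.0 198.51.100.7 203.0.113.10 in via ed0
May 27 19:38:01 gw /kernel: ipfw: 4000 Deny ICMP:0.0 198.51.100.8 203.0.113.10 in via ed0
May 27 19:38:01 gw /kernel: ipfw: 4000 Deny ICMP:0.0 198.51.100.9 203.0.113.10 in via ed0
May 27 19:38:02 gw /kernel: ipfw: 4000 Deny ICMP:0.0 198.51.100.7 203.0.113.10 in via ed0
May 27 19:38:02 gw /kernel: ipfw: 4000 Deny ICMP:0.0 198.51.100.7 203.0.113.20 in via ed0
May 27 19:38:03 gw /kernel: ipfw: 4000 Deny ICMP:8.0 198.51.100.50 192.0.2.255 in via ed0
May 27 19:38:03 gw /kernel: ipfw: 4000 Deny ICMP:8.0 198.51.100.50 192.0.2.255 in via ed0
May 27 19:38:04 gw /kernel: ipfw: 4000 Deny ICMP:8.0 198.51.100.60 192.0.2.9 in via ed0
May 27 19:38:05 gw /kernel: ipfw: 4100 Deny TCP 198.51.100.9:1042 192.0.2.5:23 in via ed0
EOF
}

sample_log | smurf_summary 3
```

A `victim` line means the replies had already crossed the upstream link before rule 4000 dropped them; a `bcast-echo` line is the traffic the quoted broadcast-address rules were aimed at.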