From owner-freebsd-security Thu Aug 17 6:25:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from altair.origenbio.com (altair.origenbio.com [216.30.62.130]) by hub.freebsd.org (Postfix) with ESMTP id E87B337B616 for ; Thu, 17 Aug 2000 06:25:46 -0700 (PDT)
Received: from origen.com (dubhe.origen [192.168.0.5]) by altair.origenbio.com (8.9.3/8.9.3) with ESMTP id IAA73986; Thu, 17 Aug 2000 08:25:27 -0500 (CDT) (envelope-from dmartin@origen.com)
Message-ID: <399BE73E.5C380746@origen.com>
Date: Thu, 17 Aug 2000 08:23:10 -0500
From: Richard Martin
Organization: OriGen, inc.
X-Mailer: Mozilla 4.74 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Manfredi Blasucci
Cc: "Rashid N. Achilov" , Erick Mechler , freebsd-security@FreeBSD.ORG
Subject: Re: deny incoming icmp
References: <399BB063.EB511C8A@inet.it>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Correct me if I am wrong, but wouldn't a single rule be faster?

/sbin/ipfw add pass icmp from ${oip} to any icmptypes 0,3,4,8,11,12 # outward
/sbin/ipfw add pass icmp from any to ${oip} icmptypes 0,3,4,11,12   # inward

(icmp type 4 is source quench)

and you may not want to log every ping, but know what isn't getting in

/sbin/ipfw add deny log icmp from any to any

>
> Try with those:
>
> ${fwcmd} add allow log icmp from any to $ip via $eth out
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmp 0  <- Echo Reply
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmp 3  <- Destination Unreachable
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmp 8  <- Echo
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmp 11 <- Time Exceeded
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmp 12 <- Parameter Problem
>
> See also http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf.
>
> Bye,
> Manf
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Richard Martin            dmartin@origen.com
OriGen, inc.              Tel: +1 512 474 7278
2525 Hartford Rd.         Fax: +1 512 708 8522
Austin, TX 78703          http://www.origen.com
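The closing `deny log icmp from any to any` rule in the reply above is what lets an administrator "know what isn't getting in". As an added example that is not part of this thread, the script below summarises the resulting syslog entries by ICMP type/code and by source address, so the noise from ordinary pings can be separated from less common types such as timestamp requests or redirects. The log lines are constructed samples; the `ipfw: <rule> Deny ICMP:<type>.<code> <src> <dst> <in|out> via <iface>` layout is assumed to match the FreeBSD 4.x ipfw log format.

```python
import re
from collections import Counter

# Constructed sample of /var/log/security output from a "deny log icmp" rule.
# These are not real captures; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 17 08:20:01 fw /kernel: ipfw: 300 Deny ICMP:8.0 192.0.2.10 198.51.100.5 in via fxp0
Aug 17 08:20:02 fw /kernel: ipfw: 300 Deny ICMP:8.0 192.0.2.10 198.51.100.5 in via fxp0
Aug 17 08:20:05 fw /kernel: ipfw: 300 Deny ICMP:13.0 192.0.2.77 198.51.100.5 in via fxp0
Aug 17 08:20:09 fw /kernel: ipfw: 300 Deny ICMP:5.1 203.0.113.9 198.51.100.5 in via fxp0
Aug 17 08:20:11 fw /kernel: ipfw: 200 Accept TCP 192.0.2.10:4444 198.51.100.5:22 in via fxp0
"""

# Assumed ipfw log layout (see lead-in); only ICMP entries match this pattern.
ICMP_LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<direction>in|out) via (?P<iface>\S+)"
)

# Names for the types discussed in the thread plus a few others worth noticing.
ICMP_TYPE_NAMES = {
    0: "echo-reply",
    3: "destination-unreachable",
    4: "source-quench",
    5: "redirect",
    8: "echo-request",
    11: "time-exceeded",
    12: "parameter-problem",
    13: "timestamp-request",
}


def describe_type(icmp_type):
    """Human-readable name for an ICMP type, falling back to the number."""
    return ICMP_TYPE_NAMES.get(icmp_type, "type-%d" % icmp_type)


def parse_icmp_denies(text):
    """Return one dict per denied ICMP packet found in the log text."""
    events = []
    for line in text.splitlines():
        m = ICMP_LOG_RE.search(line)
        if not m or m.group("action") != "Deny":
            continue  # non-ICMP lines and accepted packets are ignored
        events.append({
            "rule": int(m.group("rule")),
            "type": int(m.group("type")),
            "code": int(m.group("code")),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "direction": m.group("direction"),
            "iface": m.group("iface"),
        })
    return events


def summarize(events):
    """Count denied packets by (type, code) and by source address."""
    by_type = Counter((e["type"], e["code"]) for e in events)
    by_src = Counter(e["src"] for e in events)
    return by_type, by_src


def report(text):
    """Build report lines, listing the rarer types before the pings."""
    by_type, by_src = summarize(parse_icmp_denies(text))
    lines = []
    # Echo requests (type 8) are the expected background noise; show them last.
    for (t, c), n in sorted(by_type.items(), key=lambda kv: (kv[0][0] == 8, -kv[1])):
        lines.append("%-25s code %d: %d denied" % (describe_type(t), c, n))
    for src, n in by_src.most_common():
        lines.append("source %-16s %d denied" % (src, n))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against the real file with `python3 icmp_denies.py < /var/log/security` after changing the `__main__` block to read `sys.stdin`; the sort key puts anything other than a plain echo request at the top of the report, which is the part worth reading when the deny rule is logging every ping.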