Date: Sun, 13 Apr 1997 21:12:33 +0800 (WST) From: Adrian Chadd <adrian@obiwan.aceonline.com.au> To: Anthony Barlow <tony@warp.co.uk> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Firewalling large ICMP packets.. Message-ID: <Pine.BSF.3.95q.970413210939.356D-100000@obiwan.aceonline.com.au> In-Reply-To: <3.0.1.32.19970410084803.0068a638@mail.warp.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> >As a note, FreeBSD is immune to the Death Ping (as reported).. I suspect > >you are tyring to save some susceptable machines in your network from > >disaster :) > > That's one of the mail reasons why we are changing our servers over from > Linux 1.2.13 to FreeBSD.2.2.1-RELEASE. We're using a firewall on all our > enrty points to block these and other spoof attempts. I *KNOW* that bit *grin* I'm not worried about our machines dying, I'm worried about people ping flooding our modems, both internally (user - user) and externally (world - user / machine). All a user has to do to ping flood another user off is say hit them with a 4kb ping packet from a decently-connected host to the net. Also - Ive logged a couple gig of ICMPs going to our dialups over the week, and thats a lot in australian dollars. When people don't see ping replies, 9 times out of 10 they stop thinking they've done the deed. I'm pretty sure the cisco 2501 could do that.. but I don't think this is the list to ask how to play with IOS (unless of course, someone has already done it :) Thanks :) Adrian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970413210939.356D-100000>