From owner-freebsd-questions Sun Apr 13 06:25:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA04179 for questions-outgoing; Sun, 13 Apr 1997 06:25:28 -0700 (PDT) Received: from obiwan.aceonline.com.au (obiwan.aceonline.com.au [203.103.90.67]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA04174 for ; Sun, 13 Apr 1997 06:25:19 -0700 (PDT) Received: from localhost (adrian@localhost) by obiwan.aceonline.com.au (8.8.5/8.8.5) with SMTP id VAA00428; Sun, 13 Apr 1997 21:12:33 +0800 (WST) Date: Sun, 13 Apr 1997 21:12:33 +0800 (WST) From: Adrian Chadd To: Anthony Barlow cc: freebsd-questions@FreeBSD.ORG Subject: Re: Firewalling large ICMP packets.. In-Reply-To: <3.0.1.32.19970410084803.0068a638@mail.warp.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > >As a note, FreeBSD is immune to the Death Ping (as reported).. I suspect > >you are tyring to save some susceptable machines in your network from > >disaster :) > > That's one of the mail reasons why we are changing our servers over from > Linux 1.2.13 to FreeBSD.2.2.1-RELEASE. We're using a firewall on all our > enrty points to block these and other spoof attempts. I *KNOW* that bit *grin* I'm not worried about our machines dying, I'm worried about people ping flooding our modems, both internally (user - user) and externally (world - user / machine). All a user has to do to ping flood another user off is say hit them with a 4kb ping packet from a decently-connected host to the net. Also - Ive logged a couple gig of ICMPs going to our dialups over the week, and thats a lot in australian dollars. When people don't see ping replies, 9 times out of 10 they stop thinking they've done the deed. I'm pretty sure the cisco 2501 could do that.. but I don't think this is the list to ask how to play with IOS (unless of course, someone has already done it :) Thanks :) Adrian