From owner-freebsd-security Thu Mar 22 6:20:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from news.lucky.net (news.lucky.net [193.193.193.102])
    by hub.freebsd.org (Postfix) with ESMTP id 2956C37B71D
    for ; Thu, 22 Mar 2001 06:20:33 -0800 (PST)
    (envelope-from ostap@ukrpost.net)
Received: (from mail@localhost)
    by news.lucky.net (8.Who.Cares/8.Who.Cares) id QHW31494
    for freebsd-security@freebsd.org; Thu, 22 Mar 2001 16:20:29 +0200
    (envelope-from ostap@ukrpost.net)
From: ostap
To: freebsd-security@freebsd.org
Subject: DoS attack - advice needed
Date: Thu, 22 Mar 2001 16:19:12 +0200
Organization: Unknown
Message-ID: <3ABA09E0.141711C9@ukrpost.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
X-Trace: news.lucky.net 985270734 31360 193.193.192.142 (22 Mar 2001 14:18:54 GMT)
X-Complaints-To: usenet@news.lucky.net
X-Mailer: Mozilla 4.75 [en] (Win95; U)
X-Accept-Language: en
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It looks as if I had an ICMP DoS attack recently on my FreeBSD 3.3-RELEASE server. The box was totally frozen, and another machine plugged into the same switch (FreeBSD 4.1) showed a lot of 'icmp bandwidth limit' messages. The switch showed about 80% load (against 10% normal), and all computers connected to it were totally blocked out.

This was done from the internal network (this server is a gateway), and I don't have any filter rules/blocks for outgoing traffic.

I'm interested in the ways this can be done, and what is needed to prevent such attacks on 3.x FreeBSD, without blocking all ICMP traffic.

Thanks in advance.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message