Date: Thu, 22 Mar 2001 08:26:26 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: ostap <ostap@ukrpost.net>
Cc: <freebsd-security@freebsd.org>
Subject: Re: DoS attack - advice needed
Message-ID: <Pine.BSF.4.31.0103220823070.21538-100000@achilles.silby.com>
In-Reply-To: <3ABA09E0.141711C9@ukrpost.net>

On Thu, 22 Mar 2001, ostap wrote:

> It looks as I had an icmp DoS attack recently
> on my freebsd 3.3-release server.
> the box was totally frozen and another machine plugged into the same
> switch (freebsd 4.1) showed a lot of 'icmp bandwidth limit' messages,
> the switch showed about 80% load (against 10% normal), and all computers
> connected to it were totally blocked out.
> this was done from internal network (this server is a gateway), and i
> don't have any filter rules/blocks for outgoing traffic.
> i'm interested in the ways how this can be done, and what is needed
> to prevent such attacks on 3.x freebsd, without blocking all icmp
> traffic.
>
> thanks in advance

The icmp-response messages can be caused by many different things, all of
which are _not_ incoming icmp. Don't try to block icmp, it will not solve
your problem one bit.

If you're interested in making your boxes more resilient to attack, you
should upgrade to at least 3.5-stable, and preferably 4.3-stable. 3.3 is
old, and many networking bugs have been fixed since.

Mike "Silby" Silbersack