Date: Thu, 22 Mar 2001 08:26:26 -0600 (CST)
From: Mike Silbersack
To: ostap
Subject: Re: DoS attack - advice needed
In-Reply-To: <3ABA09E0.141711C9@ukrpost.net>
Sender: owner-freebsd-security@FreeBSD.ORG

On Thu, 22 Mar 2001, ostap wrote:

> It looks as I had an icmp DoS attack recently
> on my freebsd 3.3-release server.
> the box was totally frozen and another machine plugged into the same
> switch (freebsd 4.1) showed a lot of 'icmp bandwidth limit' messages,
> the switch showed about 80% load (against 10% normal), and all computers
> connected to it were totally blocked out.
> this was done from internal network (this server is a gateway), and i
> don't have any filter rules/blocks for outgoing traffic.
> i'm interested in the ways how this can be done, and what is needed
> to prevent such attacks on 3.x freebsd, without blocking all icmp
> traffic.
>
> thanks in advance

The icmp-response messages can be caused by many different things, all of
which are _not_ incoming icmp. Don't try to block icmp, it will not solve
your problem one bit.

If you're interested in making your boxes more resilient to attack, you
should upgrade to at least 3.5-stable, and preferably 4.3-stable. 3.3 is
old, and many networking bugs have been fixed since.

Mike "Silby" Silbersack