From owner-freebsd-isp Fri Jul 2 18: 1:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial0-velvet.Brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 9FC8415114 for ; Fri, 2 Jul 1999 18:01:05 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id LAA04665 for ; Sat, 3 Jul 1999 11:01:08 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Sat, 3 Jul 1999 11:01:08 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 2 Jul 1999, Julian Elischer wrote: > On Fri, 10 Jun 1994, Rowan Crowe wrote: This was due to a m/b upgrade, I forgot to reset the clock. (whoops) An ntpdate entry in crontab took care of it within 24 hours... > > As this is a reasonably common attack and fairly simplistic in nature I > > thought I might be able to get ipfw to block it. However, after some head > > scratching and reading of the man pages it seems that ipfw will not allow > > me to block a "subtype" such as the '.2' in 3.2. > > > > satin# ipfw a 1 deny icmp from 1.2.3.4 to 1.2.3.4 icmptypes 3.2 > > ipfw: error: invalid ICMP type > > > > I can't just blanket block type 3 as that's destination unreachable, which > > generally is a legitimate ICMP message that should be passed. > > > > Any ideas? > > a patch to /sys/netinet/ip_fw.c that implements this > and > /usr/src/sbin/ipfw > > would not be too hard for you to write if you wanted that functionality, > and we could certainly commit it if you did.. > :-) ...except my knowledge of C, especially existing code, isn't the best. ;-) You should see some of my own programs written from scratch, a lot of them use my own functions written from first principles because I don't fully understand how to pass parameters to certain standard library calls (sockets are one of those things) Any takers? :) Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://www.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message