Date: Thu, 22 Mar 2001 11:29:36 -0500 (EST) From: <scanner@jurai.net> To: Marc Rogers <marcr@shady.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: DoS attack - advice needed Message-ID: <Pine.BSF.4.21.0103221122260.61047-100000@sasami.jurai.net> In-Reply-To: <20010322144634.V10016@shady.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Blocking icmp in cases such as these will only cure the symptom, not the > disease. In addition you score an own goal, as by blocking that kind of traffic > withing your own network, the attackers still get to saturate your line(s) and > you are less likely to see some of the "clues" that can help you identify the > perpetrator. Do *NOT* block ICMP point blank at ALL. If you need to filter certain type's and code's, fine. But NEVER slap an embargo on the entire ICMP protocol. The mentality to do this blows me away every time I hear it uttered from people. ============================================================================= -Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas Home: scanner@deceptively.shady.org | http://open-systems.net ============================================================================= WINDOWS: "Where do you want to go today?" LINUX: "Where do you want to go tomorrow?" BSD: "Are you guys coming or what?" ============================================================================= irc.openprojects.net #FreeBSD -Join the revolution! ICQ: 20016186 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103221122260.61047-100000>