Date: 22 Mar 2001 17:57:09 +0100 From: Dag-Erling Smorgrav <des@thinksec.com> To: <scanner@jurai.net> Cc: Marc Rogers <marcr@shady.org>, freebsd-security@FreeBSD.ORG Subject: Re: DoS attack - advice needed Message-ID: <xzpsnk5lp22.fsf@aes.thinksec.com> In-Reply-To: <scanner@jurai.net>'s message of "Thu, 22 Mar 2001 11:29:36 -0500 (EST)" References: <Pine.BSF.4.21.0103221122260.61047-100000@sasami.jurai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<scanner@jurai.net> writes: > Do *NOT* block ICMP point blank at ALL. If you need to filter certain > type's and code's, fine. But NEVER slap an embargo on the entire ICMP > protocol. The mentality to do this blows me away every time I hear it > uttered from people. You can get away with blocking all ICMP traffic except types 0, 3, 8 and 11 (and optionally placing restrictions on 0 and 8). DES --=20 Dag-Erling Sm=F8rgrav - des@thinksec.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpsnk5lp22.fsf>