From: Dag-Erling Smorgrav
Cc: Marc Rogers, freebsd-security@FreeBSD.ORG
Subject: Re: DoS attack - advice needed
Date: 22 Mar 2001 17:57:09 +0100

writes:
> Do *NOT* block ICMP point blank at ALL. If you need to filter certain
> types and codes, fine. But NEVER slap an embargo on the entire ICMP
> protocol. The mentality to do this blows me away every time I hear it
> uttered from people.

You can get away with blocking all ICMP traffic except types 0, 3, 8
and 11 (and optionally placing restrictions on 0 and 8).

DES
-- 
Dag-Erling Smørgrav - des@thinksec.com
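
Added example (not part of the original message): a Python model of the policy described above, passing ICMP types 0, 3, 8 and 11 and dropping every other type. The direction limits on types 0 and 8, the fail-closed handling of fragments, and the names `decide` and `ipv4_icmp` are assumptions of this example.

```python
import struct

# Policy from the message above: pass ICMP types 0, 3, 8 and 11, drop the rest.
ALLOWED = {0: "echo reply", 3: "destination unreachable",
           8: "echo request", 11: "time exceeded"}
# Assumed form of the optional restriction on 0 and 8: this host may ping
# out and receive the replies, but cannot be pinged from outside.
DIRECTION_LIMIT = {0: "in", 8: "out"}


def decide(packet: bytes, direction: str) -> str:
    """Return 'pass' or 'drop' for a raw IPv4 packet travelling 'in' or 'out'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                      # not a parseable IPv4 header
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    if packet[9] != 1:
        return "pass"                      # not ICMP: outside this policy
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0 or len(packet) < ihl + 4:
        # Later fragment or truncated packet: there is no ICMP type to
        # inspect, so fail closed (an assumption of this example).
        return "drop"
    icmp_type = packet[ihl]
    if icmp_type not in ALLOWED:
        return "drop"                      # e.g. redirect (5), timestamp (13)
    if DIRECTION_LIMIT.get(icmp_type, direction) != direction:
        return "drop"
    return "pass"


def ipv4_icmp(icmp_type: int, code: int = 0, frag_offset: int = 0) -> bytes:
    """Build a constructed sample packet (zero checksums, TEST-NET-1 addresses)."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, frag_offset,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp


if __name__ == "__main__":
    for t in (0, 3, 5, 8, 11, 13):
        print(t, decide(ipv4_icmp(t), "in"), decide(ipv4_icmp(t), "out"))
```

Type 3 stays open in both directions because code 4 (fragmentation needed) is what path MTU discovery depends on.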