From owner-freebsd-security  Thu Mar 22  9:22:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from awww.jeah.net (awww.jeah.net [216.111.239.130])
	by hub.freebsd.org (Postfix) with ESMTP id 3C9E337B71C
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Mar 2001 09:22:50 -0800 (PST)
	(envelope-from chris@jeah.net)
Received: from localhost (chris@localhost)
	by awww.jeah.net (8.11.1/8.11.0) with ESMTP id f2MHMQl09987;
	Thu, 22 Mar 2001 11:22:27 -0600 (CST)
	(envelope-from chris@jeah.net)
Date: Thu, 22 Mar 2001 11:22:26 -0600 (CST)
From: Chris Byrnes <chris@jeah.net>
To: <scanner@jurai.net>
Cc: Marc Rogers <marcr@shady.org>, <freebsd-security@FreeBSD.ORG>
Subject: Re: DoS attack - advice needed
In-Reply-To: <Pine.BSF.4.21.0103221122260.61047-100000@sasami.jurai.net>
Message-ID: <Pine.BSF.4.33.0103221121250.8421-100000@awww.jeah.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Do *NOT* block ICMP point blank at ALL. If you need to filter certain
> type's and code's, fine. But NEVER slap an embargo on the entire ICMP
> protocol. The mentality to do this blows me away every time I hear it
> uttered from people.

Why?  If you have idiots running ping -f yourserver.com from 150 ISPs
around the world, you're going to want to filter ICMP.  That's what I did
awhile back.

And I haven't found a valid reason to re-enable it.



+ Chris Byrnes, chris@JEAH.net
 + JEAH Communications
  + 1-866-AWW-JEAH (Toll-Free)



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message