From owner-freebsd-questions Sun Apr 13 09:59:59 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA14127 for questions-outgoing; Sun, 13 Apr 1997 09:59:59 -0700 (PDT)
Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA14122 for ; Sun, 13 Apr 1997 09:59:56 -0700 (PDT)
Received: by mixcom.mixcom.com (8.6.12/2.2) id MAA05159; Sun, 13 Apr 1997 12:01:04 -0500
Received: from p75.mixcom.com(198.137.186.25) by mixcom.mixcom.com via smap (V1.3) id sma005147; Sun Apr 13 17:00:43 1997
Message-Id: <3.0.32.19970413115314.00d09a64@mixcom.com>
X-Sender: sysop@mixcom.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sun, 13 Apr 1997 11:53:15 -0500
To: Adrian Chadd
From: "Jeffrey J. Mountin"
Subject: Re: Firewalling large ICMP packets..
Cc: Anthony Barlow , freebsd-questions@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

At 09:12 PM 4/13/97 +0800, Adrian Chadd wrote:
>I *KNOW* that bit *grin*

Odd, all this talk here and elsewhere... what do I find in my mail (at home
even)? A thing about Redhat. Have a set of CDs, but they're old and dusty.
Have to dust them and use them for coasters. Just like the IE 2.0 admin
coaster on my desk. 8-)

>I'm not worried about our machines dying, I'm worried about people ping
>flooding our modems, both internally (user - user) and externally (world -
>user / machine). All a user has to do to ping flood another user off is
>say hit them with a 4kb ping packet from a decently-connected host to the
>net.

Some might call you a communist, but you can and probably should filter
ICMP ping to dial-up from the world, not internal, as you may want to see
if someone is alive. You may be able to protect dial-ups from each other.
Working on other things, but some day...

>Also - I've logged a couple gig of ICMPs going to our dialups over the
>week, and that's a lot in Australian dollars. When people don't see ping
>replies, 9 times out of 10 they stop thinking they've done the deed.

Ouch! Just for fun the other day I flooded a friend as he was checking
mail, poof, ring, "yes..", oh sorry, did your mail timeout? "No route to
host" works better.

If you logged it, did you send a message to the owner? Along with a bill,
which they could pass to their user(s).

>I'm pretty sure the cisco 2501 could do that.. but I don't think this is
>the list to ask how to play with IOS (unless of course, someone has
>already done it :)

Easily. And it should be, along with a slew of other things to filter.

One thing I like for security on 2.2.1 was the default inetd.conf with
almost all services commented out. The log for ports related to NFS is
growing and I've found some hits to RADIUS recently, as well as the usual
spoofing in or out, and mail to websites is on the rise, which is just
another reason why I don't allow MX for www. and once customers understand
it, they like it.

-------------------------------------------
Jeff Mountin - System/Network Administrator
jeff@mixcom.net
MIX Communications
Serving the Internet since 1990
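The policy Jeff describes (block ICMP echo-request to the dial-up pool from the world but not from inside, and separately drop the oversized pings the subject line is about) is easiest to reason about as an ordered, first-match rule list, which is how a router ACL or an ipfw ruleset is evaluated. The following is an added model of that evaluation in Python; it is not part of the message, not a Cisco IOS or ipfw configuration, and the address ranges, the 1500-byte "large ICMP" threshold and the sample packets are all constructed for illustration.

```python
"""First-match filter model for the ICMP policy in the thread.
Added example with constructed data; not a real router or ipfw config.

Policy, in evaluation order:
  1. deny  ICMP echo-request from outside the ISP's space to the dial-up pool
  2. deny  any ICMP over MAX_ICMP_BYTES, whatever the source
  3. allow everything else (so internal hosts can still ping a dial-up
           to see whether it is alive)
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple

# Constructed address space (documentation prefixes, not real ISP data).
ISP_SPACE = ip_network("192.0.2.0/24")      # everything the ISP owns
DIALUP_POOL = ip_network("192.0.2.128/25")  # modem pool inside it
MAX_ICMP_BYTES = 1500                       # assumed "large ICMP" threshold

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "icmp", "tcp" or "udp"
    length: int                     # total IP length in bytes
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None matches any protocol
    src: Optional[IPv4Network] = None
    src_negate: bool = False        # True: match sources *outside* src
    dst: Optional[IPv4Network] = None
    icmp_type: Optional[int] = None
    min_length: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None:
            in_src = ip_address(p.src) in self.src
            if in_src == self.src_negate:   # inside when we want outside, or vice versa
                return False
        if self.dst is not None and ip_address(p.dst) not in self.dst:
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        if self.min_length is not None and p.length < self.min_length:
            return False
        return True


POLICY: List[Rule] = [
    Rule("deny", proto="icmp", src=ISP_SPACE, src_negate=True,
         dst=DIALUP_POOL, icmp_type=ICMP_ECHO_REQUEST,
         note="no echo-request from the world to the modem pool"),
    Rule("deny", proto="icmp", min_length=MAX_ICMP_BYTES + 1,
         note="oversized ICMP from anywhere"),
    Rule("allow", note="default: internal pings and all other traffic"),
]


def evaluate(p: Packet, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, note) of the first rule that matches, ACL-style."""
    for r in policy:
        if r.matches(p):
            return r.action, r.note
    return "deny", "implicit deny"   # not reached with the allow-all tail above


# Constructed sample traffic.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "192.0.2.130", "icmp", 84, ICMP_ECHO_REQUEST),   # world -> dial-up ping
    Packet("192.0.2.10", "192.0.2.130", "icmp", 84, ICMP_ECHO_REQUEST),    # internal -> dial-up ping
    Packet("192.0.2.130", "203.0.113.7", "icmp", 84, ICMP_ECHO_REPLY),     # dial-up replying outbound
    Packet("192.0.2.10", "192.0.2.131", "icmp", 4096, ICMP_ECHO_REQUEST),  # internal, but a 4 KB ping
    Packet("203.0.113.7", "192.0.2.130", "tcp", 60),                       # world -> dial-up TCP
]


def summarize(traffic: List[Packet] = SAMPLE_TRAFFIC) -> List[str]:
    """Action taken for each packet, in input order."""
    return [evaluate(p)[0] for p in traffic]


if __name__ == "__main__":
    for p in SAMPLE_TRAFFIC:
        action, note = evaluate(p)
        print(f"{action:5} {p.proto:4} {p.src:>13} -> {p.dst:<13} len={p.length:5}  ({note})")
```

Two points the model makes visible. Rule order matters: the internal 4 KB ping passes rule 1 (internal source) and is caught only by the size rule, so swapping or dropping rule 2 silently re-opens that case. And the filter only saves the modem link if it sits upstream of it (on the access router, as the Cisco 2501 suggestion implies); a filter on the dial-up host itself still pays for every byte that crossed the line. A real size-based ICMP rule also has to account for IP fragments, since only the first fragment of a large ping carries the ICMP header that the type match needs.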