Date: Thu, 22 Mar 2001 14:41:44 -0300 (EST)
From: Eduardo Souza Machado da Silva <esms@lcmi.ufsc.br>
To: Chris Byrnes <chris@jeah.net>
Cc: scanner@jurai.net, Marc Rogers <marcr@shady.org>, freebsd-security@FreeBSD.ORG
Subject: Re: DoS attack - advice needed
Message-ID: <Pine.BSF.3.96.1010322143134.90073C-100000@thompson.lcmi.ufsc.br>
In-Reply-To: <Pine.BSF.4.33.0103221121250.8421-100000@awww.jeah.net>

On Thu, 22 Mar 2001, Chris Byrnes wrote:

> > Do *NOT* block ICMP point blank at ALL. If you need to filter certain
> > types and codes, fine. But NEVER slap an embargo on the entire ICMP
> > protocol. The mentality to do this blows me away every time I hear it
> > uttered from people.
>
> Why? If you have idiots running ping -f yourserver.com from 150 ISPs
> around the world, you're going to want to filter ICMP. That's what I did
> awhile back.
>
> And I haven't found a valid reason to re-enable it.

You should read RFC1122, "Requirements for Internet hosts - communication
layers". R.T. Braden. Oct-01-1989 (Also STD0003) (Status: STANDARD):

    ICMP is a control protocol that is considered to be an
    integral part of IP, although it is architecturally
    layered upon IP, i.e., it uses IP to carry its data end-to-end
    just as a transport protocol like TCP or UDP does.
    ICMP provides error reporting, congestion reporting, and
    first-hop gateway redirection.

and also RFC1191, "Path MTU discovery". J.C. Mogul, S.E. Deering.
Nov-01-1990. (Status: DRAFT STANDARD)

esms

> + Chris Byrnes, chris@JEAH.net
> + JEAH Communications
> + 1-866-AWW-JEAH (Toll-Free)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
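
Added example, not part of the original message: the ICMP error that RFC1191 Path MTU discovery depends on (type 3, code 4, "fragmentation needed and DF set"), parsed and applied to a per-destination MTU estimate, to show what a host loses when all ICMP is dropped. The function names, the cache layout and the sample packet (documentation addresses, inner IP checksum left at 0) are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, original_dst) for ICMP type 3 code 4, else None."""
    if len(icmp) < 28 or inet_checksum(icmp) != 0:
        return None                      # truncated or corrupted message
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4) or icmp[8] >> 4 != 4:
        return None                      # not "fragmentation needed" about an IPv4 packet
    # Bytes 8.. hold the original IP header; its destination is at bytes 24..27.
    return mtu, ".".join(str(b) for b in icmp[24:28])

def update_pmtu(cache: dict, icmp: bytes, first_hop_mtu: int = 1500) -> dict:
    """Lower the per-destination path MTU estimate as RFC 1191 describes."""
    parsed = parse_frag_needed(icmp)
    if parsed and parsed[0]:             # MTU 0 (pre-RFC 1191 router) is not handled here
        mtu, dst = parsed
        # RFC 1191: never reduce the estimate below 68 octets.
        cache[dst] = max(68, min(cache.get(dst, first_hop_mtu), mtu))
    return cache

def build_sample(mtu: int = 1400) -> bytes:
    """Constructed message: a router reports that a DF packet exceeded `mtu`."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    inner += struct.pack("!HHI", 49152, 80, 1)   # first 8 bytes of the TCP header
    cksum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner)
    return struct.pack("!BBHHH", 3, 4, cksum, 0, mtu) + inner

if __name__ == "__main__":
    print(update_pmtu({}, build_sample()))
```

If this message never reaches the sender, the estimate stays at the first-hop MTU and packets sent with DF set that exceed the path MTU are dropped without the sender learning why.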