From owner-freebsd-security Thu Mar 22 9:43:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from thompson.lcmi.ufsc.br (thompson.lcmi.ufsc.br [150.162.14.19]) by hub.freebsd.org (Postfix) with ESMTP id 53B6B37B71A for ; Thu, 22 Mar 2001 09:43:47 -0800 (PST) (envelope-from esms@lcmi.ufsc.br) Received: from localhost (esms@localhost) by thompson.lcmi.ufsc.br (8.9.3/8.9.3) with SMTP id OAA90617; Thu, 22 Mar 2001 14:41:44 -0300 (EST) (envelope-from esms@lcmi.ufsc.br) X-Authentication-Warning: thompson.lcmi.ufsc.br: esms owned process doing -bs Date: Thu, 22 Mar 2001 14:41:44 -0300 (EST) From: Eduardo Souza Machado da Silva Reply-To: Eduardo Souza Machado da Silva To: Chris Byrnes Cc: scanner@jurai.net, Marc Rogers , freebsd-security@FreeBSD.ORG Subject: Re: DoS attack - advice needed In-Reply-To: Message-ID: X-PGP: Public Key available at web site X-URL: http://www.lcmi.ufsc.br/~esms MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 22 Mar 2001, Chris Byrnes wrote: > > Do *NOT* block ICMP point blank at ALL. If you need to filter certain > > type's and code's, fine. But NEVER slap an embargo on the entire ICMP > > protocol. The mentality to do this blows me away every time I hear it > > uttered from people. > > Why? If you have idiots running ping -f yourserver.com from 150 ISPs > around the world, you're going to want to filter ICMP. That's what I did > awhile back. > > And I haven't found a valid reason to re-enable it. you should read RFC1122 "Requirements for Internet hosts - communication layers". R.T. Braden. Oct-01-1989 (Also STD0003) (Status: STANDARD): ICMP is a control protocol that is considered to be an integral part of IP, although it is architecturally layered upon IP, i.e., it uses IP to carry its data end- to-end just as a transport protocol like TCP or UDP does. ICMP provides error reporting, congestion reporting, and first-hop gateway redirection. and also RFC1191, "Path MTU discovery". J.C. Mogul, S.E. Deering. Nov-01-1990. (Status: DRAFT STANDARD) esms > > > > + Chris Byrnes, chris@JEAH.net > + JEAH Communications > + 1-866-AWW-JEAH (Toll-Free) > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message