From owner-freebsd-security  Thu Mar 22  9:43:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from thompson.lcmi.ufsc.br (thompson.lcmi.ufsc.br [150.162.14.19])
	by hub.freebsd.org (Postfix) with ESMTP id 53B6B37B71A
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Mar 2001 09:43:47 -0800 (PST)
	(envelope-from esms@lcmi.ufsc.br)
Received: from localhost (esms@localhost)
	by thompson.lcmi.ufsc.br (8.9.3/8.9.3) with SMTP id OAA90617;
	Thu, 22 Mar 2001 14:41:44 -0300 (EST)
	(envelope-from esms@lcmi.ufsc.br)
X-Authentication-Warning: thompson.lcmi.ufsc.br: esms owned process doing -bs
Date: Thu, 22 Mar 2001 14:41:44 -0300 (EST)
From: Eduardo Souza Machado da Silva <esms@lcmi.ufsc.br>
Reply-To: Eduardo Souza Machado da Silva <esms@lcmi.ufsc.br>
To: Chris Byrnes <chris@jeah.net>
Cc: scanner@jurai.net, Marc Rogers <marcr@shady.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: DoS attack - advice needed
In-Reply-To: <Pine.BSF.4.33.0103221121250.8421-100000@awww.jeah.net>
Message-ID: <Pine.BSF.3.96.1010322143134.90073C-100000@thompson.lcmi.ufsc.br>
X-PGP: Public Key available at web site
X-URL: http://www.lcmi.ufsc.br/~esms
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 22 Mar 2001, Chris Byrnes wrote:

> > Do *NOT* block ICMP point blank at ALL. If you need to filter certain
> > type's and code's, fine. But NEVER slap an embargo on the entire ICMP
> > protocol. The mentality to do this blows me away every time I hear it
> > uttered from people.
> 
> Why?  If you have idiots running ping -f yourserver.com from 150 ISPs
> around the world, you're going to want to filter ICMP.  That's what I did
> awhile back.
> 
> And I haven't found a valid reason to re-enable it.

you should read RFC1122 "Requirements for Internet hosts - communication
layers". R.T.  Braden.  Oct-01-1989 (Also STD0003)  (Status: STANDARD): 


              ICMP is a control protocol that is considered to be an
              integral part of IP, although it is architecturally
              layered upon IP, i.e., it uses IP to carry its data end-
              to-end just as a transport protocol like TCP or UDP does.
              ICMP provides error reporting, congestion reporting, and
              first-hop gateway redirection.

and also RFC1191, "Path MTU discovery". J.C. Mogul, S.E.  Deering. 
Nov-01-1990. (Status: DRAFT STANDARD)


esms


> 
> 
> 
> + Chris Byrnes, chris@JEAH.net
>  + JEAH Communications
>   + 1-866-AWW-JEAH (Toll-Free)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message