From owner-freebsd-security Thu Mar 22 9:44:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (adam042-060.resnet.wisc.edu [146.151.42.60]) by hub.freebsd.org (Postfix) with ESMTP id 43D6437B71B for ; Thu, 22 Mar 2001 09:44:53 -0800 (PST) (envelope-from silby@silby.com) Received: (qmail 21873 invoked by uid 1000); 22 Mar 2001 17:44:52 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Mar 2001 17:44:52 -0000 Date: Thu, 22 Mar 2001 11:44:52 -0600 (CST) From: Mike Silbersack To: Chris Byrnes Cc: , Marc Rogers , Subject: Re: DoS attack - advice needed In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 22 Mar 2001, Chris Byrnes wrote: > Why? If you have idiots running ping -f yourserver.com from 150 ISPs > around the world, you're going to want to filter ICMP. That's what I did > awhile back. > > And I haven't found a valid reason to re-enable it. The ratelimiting in 4.3 handles that now, so it's not necessary to block it anymore. (Though if you're being pung constantly, I can understand the desire to block it.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message