From owner-freebsd-hackers Tue Mar 26 07:49:07 1996
Date: Tue, 26 Mar 1996 10:51:43 -0500
Message-Id: <199603261551.KAA06239@etinc.com>
To: Darren Reed
From: dennis@etinc.com (dennis)
Subject: Re: Restricting ping -s and -l
Cc: hackers@freebsd.org
Sender: owner-hackers@freebsd.org

>In some mail from Brian Tao, sie said:
>>
>> Are there any good reasons why a non-root user should need the -s
>> and -l options in ping? I've had problems in the past with users
>> starting up a dozen "ping -s 8000"'s to a foreign site, saturating our
>> own T1 to the net. Who needs ping -f when you can control the packet
>> size. :(
>>
>> I can't really think of any legitimate reason for allowing -s and
>> -l to unprivileged user, but before I modify the source, I figured I'd
>> ask around first. :)
>
>Do you stop them sending arbitrary 8000 byte UDP packets ?
>
>Or is it the returns which hurt ?

Hack the host (or better yet the router) to discard all ping packets
with a sequence number greater than (say 5). You don't want to restrict
pings altogether, but there's rarely a good reason to send more than a
few. It's real nice to do this in the router because it will keep other
people from pinging you and eating up your bandwidth.

Dennis
----------------------------------------------------------------------------
Emerging Technologies, Inc.
http://www.etinc.com

Synchronous Communications Cards and Routers For Discriminating Tastes.
56k to T1 and beyond. Frame Relay, PPP, HDLC, and X.25 for BSD/OS,
FreeBSD and LINUX
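
The rule suggested in the reply above (discard ping packets whose sequence number exceeds 5), written out as an added example; it is not code from the message or from any FreeBSD or router source. The names classify_ping and build_echo are hypothetical, and treating both echo request and echo reply as "ping packets" and dropping malformed headers are assumptions of this example. Later IP fragments carry no ICMP header, so they get their own verdict: a fragmented "ping -s 8000" exposes its sequence number only in the first fragment.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { PASS, DROP, UNCLASSIFIED };

#define MAX_ECHO_SEQ 5 /* threshold from the message ("say 5") */

/* Classify one raw IPv4 packet (buffer starts at the IP header). */
enum verdict classify_ping(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PASS;                    /* not IPv4: outside this rule */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return DROP;                    /* malformed header (example's choice) */
    if (pkt[9] != 1)
        return PASS;                    /* protocol is not ICMP */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff)
        return UNCLASSIFIED;            /* later fragment: no ICMP header here */
    if (len < ihl + 8)
        return DROP;                    /* truncated ICMP header */
    if (pkt[ihl] != 8 && pkt[ihl] != 0)
        return PASS;                    /* neither echo request nor echo reply */
    unsigned seq = ((unsigned)pkt[ihl + 6] << 8) | pkt[ihl + 7];
    return seq > MAX_ECHO_SEQ ? DROP : PASS;
}

/* Constructed sample: minimal IPv4 + ICMP echo request, checksums left zero. */
size_t build_echo(uint8_t *buf, uint16_t seq, uint16_t frag_field)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                       /* version 4, IHL 5 */
    buf[3] = 28;                         /* total length */
    buf[6] = (uint8_t)(frag_field >> 8); /* flags + fragment offset */
    buf[7] = (uint8_t)frag_field;
    buf[9] = 1;                          /* protocol ICMP */
    buf[20] = 8;                         /* ICMP type: echo request */
    buf[26] = (uint8_t)(seq >> 8);       /* sequence number, network order */
    buf[27] = (uint8_t)seq;
    return 28;
}

int main(void)
{
    uint8_t p[28];
    size_t n = build_echo(p, 6, 0);
    return classify_ping(p, n) == DROP ? 0 : 1;
}
```

A caller has to decide separately what to do with UNCLASSIFIED fragments, since the sequence check cannot see them.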