Date: Thu, 22 Mar 2001 11:53:15 -0600 (CST) From: Chris Byrnes <chris@jeah.net> To: Mike Silbersack <silby@silby.com> Cc: <scanner@jurai.net>, Marc Rogers <marcr@shady.org>, <freebsd-security@FreeBSD.ORG> Subject: Re: DoS attack - advice needed Message-ID: <Pine.BSF.4.33.0103221152140.12333-100000@awww.jeah.net> In-Reply-To: <Pine.BSF.4.31.0103221143100.21839-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Why? If you have idiots running ping -f yourserver.com from 150 ISPs > > around the world, you're going to want to filter ICMP. That's what I did > > awhile back. > > > > And I haven't found a valid reason to re-enable it. > > The ratelimiting in 4.3 handles that now, so it's not necessary to block > it anymore. (Though if you're being pung constantly, I can understand the > desire to block it.) Erm. 450mbps in 45 minutes? ;) We filtered it upstream on the edge routers, because it was killing the T1s, obviously. -Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103221152140.12333-100000>