From owner-freebsd-security  Thu Mar 22  9:53:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from awww.jeah.net (awww.jeah.net [216.111.239.130])
	by hub.freebsd.org (Postfix) with ESMTP id DE7FB37B719
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Mar 2001 09:53:20 -0800 (PST)
	(envelope-from chris@jeah.net)
Received: from localhost (chris@localhost)
	by awww.jeah.net (8.11.1/8.11.0) with ESMTP id f2MHrGt12395;
	Thu, 22 Mar 2001 11:53:16 -0600 (CST)
	(envelope-from chris@jeah.net)
Date: Thu, 22 Mar 2001 11:53:15 -0600 (CST)
From: Chris Byrnes <chris@jeah.net>
To: Mike Silbersack <silby@silby.com>
Cc: <scanner@jurai.net>, Marc Rogers <marcr@shady.org>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: DoS attack - advice needed
In-Reply-To: <Pine.BSF.4.31.0103221143100.21839-100000@achilles.silby.com>
Message-ID: <Pine.BSF.4.33.0103221152140.12333-100000@awww.jeah.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Why?  If you have idiots running ping -f yourserver.com from 150 ISPs
> > around the world, you're going to want to filter ICMP.  That's what I did
> > awhile back.
> >
> > And I haven't found a valid reason to re-enable it.
>
> The ratelimiting in 4.3 handles that now, so it's not necessary to block
> it anymore.  (Though if you're being pung constantly, I can understand the
> desire to block it.)

Erm.  450mbps in 45 minutes? ;)

We filtered it upstream on the edge routers, because it was killing
the T1s, obviously.

-Chris


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message