From owner-freebsd-security  Thu Mar 22 12:18:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www3.infolink.com.br (www3.infolink.com.br [200.255.108.4])
	by hub.freebsd.org (Postfix) with ESMTP id C1EF237B71D
	for <freebsd-security@freebsd.org>; Thu, 22 Mar 2001 12:18:25 -0800 (PST)
	(envelope-from apina@infolink.com.br)
Received: from diala11 (unverified [200.255.108.11]) by www3.infolink.com.br
 (Vircom SMTPRS 4.2.181) with SMTP id <B0024784550@www3.infolink.com.br> for <freebsd-security@freebsd.org>;
 Thu, 22 Mar 2001 17:18:22 -0300
Message-ID: <004601c0b30d$3e718e30$0b6cffc8@infolink.com.br>
Reply-To: "Antonio Carlos Pina" <apina@infolink.com.br>
From: "Antonio Carlos Pina" <apina@infolink.com.br>
To: <freebsd-security@freebsd.org>
References: <Pine.BSF.4.33.0103221121250.8421-100000@awww.jeah.net>
Subject: Re: DoS attack - advice needed
Date: Thu, 22 Mar 2001 17:18:22 -0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4029.2901
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Chris,

I will give you just one reason: Path-mtu discovery.

Unless you have such type of icmp enabled, some networks won't access your
site.

Best Regards,

Cordialmente,
Antonio Carlos Pina
Diretor de Tecnologia
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "Chris Byrnes" <chris@jeah.net>
To: <scanner@jurai.net>
Cc: "Marc Rogers" <marcr@shady.org>; <freebsd-security@FreeBSD.ORG>
Sent: Thursday, March 22, 2001 2:22 PM
Subject: Re: DoS attack - advice needed


> > Do *NOT* block ICMP point blank at ALL. If you need to filter certain
> > type's and code's, fine. But NEVER slap an embargo on the entire ICMP
> > protocol. The mentality to do this blows me away every time I hear it
> > uttered from people.
>
> Why?  If you have idiots running ping -f yourserver.com from 150 ISPs
> around the world, you're going to want to filter ICMP.  That's what I did
> awhile back.
>
> And I haven't found a valid reason to re-enable it.
>
>
>
> + Chris Byrnes, chris@JEAH.net
>  + JEAH Communications
>   + 1-866-AWW-JEAH (Toll-Free)
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message