Date: Thu, 22 Mar 2001 17:32:26 -0300 From: "Ronan Lucio" <ronan@melim.com.br> To: <security@freebsd.org> Subject: Re: DoS attack - advice needed Message-ID: <003d01c0b30f$35aebfa0$2aa8a8c0@melim.com.br>
next in thread | raw e-mail | index | archive | help
> Chris Byrnes wrote: > > > > > >> type 3 is required for TCP/UDP traffic > > > > > > CB> Hrm. > > > > > > I'm sorry. But what means 'Hrm'? It seems I don't know English good > > > enough :( > > > > I think we can move this thread to personal e-mail, because some people > > are getting offended that I don't want ICMP traffic. > > ;-) ICMP filtering is bad for everyone who accesses your > website, as it can cause malfunction. One of the typical problems > is the "freezing" of the http connections when you are viewing a > webpage. The problem? The "ICMP need fragment" messages are > not reaching your web server. If I add a rules: ipfw add pass icmp from any to my.ip.adress icmptypes 3 ipfw add deny icmp from any to mu.ip.adress Will it resolve the problem of fragmented packets? Ronan Lucio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003d01c0b30f$35aebfa0$2aa8a8c0>