From owner-freebsd-security Thu Mar 22 12:45:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23]) by hub.freebsd.org (Postfix) with ESMTP id 6FD9B37B71E for ; Thu, 22 Mar 2001 12:45:26 -0800 (PST) (envelope-from ronan@melim.com.br) Received: from fazendinha (fazendinha.melim.com.br [192.168.168.42]) by salseiros.melim.com.br (8.9.3/8.9.3) with SMTP id RAA46878 for ; Thu, 22 Mar 2001 17:38:10 -0300 (EST) (envelope-from ronan@melim.com.br) Message-ID: <007101c0b311$0d67db60$2aa8a8c0@melim.com.br> From: "Ronan Lucio" To: Subject: Re: DoS attack - advice needed Date: Thu, 22 Mar 2001 17:45:37 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry, I´d like say to allow the follow icmptypes: 3 (destination unreachable) 4 (source quench) 11 (ttl exceeded) 12 (ip header bad) I think it´s enough to cause no problem to the system and block ping packets Ronan Lucio > If I add a rules: > > ipfw add pass icmp from any to my.ip.adress icmptypes 3 > ipfw add deny icmp from any to mu.ip.adress > > Will it resolve the problem of fragmented packets? > > Ronan Lucio To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message