From owner-freebsd-security Thu Mar 22 12:49:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www3.infolink.com.br (www3.infolink.com.br [200.255.108.4])
	by hub.freebsd.org (Postfix) with ESMTP id 4E0A437B718
	for ; Thu, 22 Mar 2001 12:49:52 -0800 (PST)
	(envelope-from apina@infolink.com.br)
Received: from diala11 (unverified [200.255.108.11])
	by www3.infolink.com.br (Vircom SMTPRS 4.2.181) with SMTP id
	for ; Thu, 22 Mar 2001 17:49:48 -0300
Message-ID: <019101c0b311$a2844fd0$0b6cffc8@infolink.com.br>
Reply-To: "Antonio Carlos Pina"
From: "Antonio Carlos Pina"
To:
References: <007101c0b311$0d67db60$2aa8a8c0@melim.com.br>
Subject: Re: DoS attack - advice needed
Date: Thu, 22 Mar 2001 17:49:48 -0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4029.2901
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Source quench is supposed to be needed but is bad (big security risks).
You should avoid it.

Regards,
Cordially,

Antonio Carlos Pina
Director of Technology
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "Ronan Lucio"
To:
Sent: Thursday, March 22, 2001 5:45 PM
Subject: Re: DoS attack - advice needed

> Sorry,
>
> I'd like to say to allow the following icmptypes:
>
> 3 (destination unreachable)
> 4 (source quench)
> 11 (ttl exceeded)
> 12 (ip header bad)
>
> I think it's enough to cause no problem to the system and
> block ping packets
>
> Ronan Lucio
>
> > If I add the rules:
> >
> > ipfw add pass icmp from any to my.ip.address icmptypes 3
> > ipfw add deny icmp from any to my.ip.address
> >
> > Will it resolve the problem of fragmented packets?
> >
> > Ronan Lucio
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message