Date: Thu, 22 Mar 2001 17:49:48 -0300 From: "Antonio Carlos Pina" <apina@infolink.com.br> To: <freebsd-security@freebsd.org> Subject: Re: DoS attack - advice needed Message-ID: <019101c0b311$a2844fd0$0b6cffc8@infolink.com.br> References: <007101c0b311$0d67db60$2aa8a8c0@melim.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Source quench is supposed to be needed but is bad (big security risks). You should avoid it. Regards, Cordialmente, Antonio Carlos Pina Diretor de Tecnologia INFOLINK Internet http://www.infolink.com.br ----- Original Message ----- From: "Ronan Lucio" <ronan@melim.com.br> To: <security@freebsd.org> Sent: Thursday, March 22, 2001 5:45 PM Subject: Re: DoS attack - advice needed > Sorry, > > I´d like say to allow the follow icmptypes: > > 3 (destination unreachable) > 4 (source quench) > 11 (ttl exceeded) > 12 (ip header bad) > > I think it´s enough to cause no problem to the system and > block ping packets > > Ronan Lucio > > > If I add a rules: > > > > ipfw add pass icmp from any to my.ip.adress icmptypes 3 > > ipfw add deny icmp from any to mu.ip.adress > > > > Will it resolve the problem of fragmented packets? > > > > Ronan Lucio > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?019101c0b311$a2844fd0$0b6cffc8>