Date: Tue, 4 May 1999 18:48:32 -0400 (EDT)
From: Pat Lynch <lynch@rush.net>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: Fadi Sodah <sodah@qatar.net.qa>, freebsd-chat@FreeBSD.ORG
Subject: Re: ICMP-attack
Message-ID: <Pine.BSF.4.05.9905041837360.995-100000@bytor.rush.net>
In-Reply-To: <Pine.BSF.4.03.9905041506020.28350-100000@resnet.uoregon.edu>
moving to -chat just 'cuz

On Tue, 4 May 1999, Doug White wrote:

> On Mon, 3 May 1999, Pat Lynch wrote:
>
> > Doug, that actually won't work, the only way to make smurfs useless is to
> > get enough bandwidth to handle the attack, or have your upstream filter
> > for you, the only thing this solves is DoS on the local net, but any
> > communication in or out the gateway is still going to be impossible.
>
> Er? If you filter ICMP at your router, the pings (or whatever) can't
> reach their intended target.
>
> If you want to completely foil smurfs on your FreeBSD boxen, set sysctl
> net.inet.icmp.bmcastecho=0.
>

yes, but the point of a smurf attack is to saturate a network or cripple a router, unfortunately more times than not, smurf attacks cripple routers (especially ones filtering those icmps), having dealt with smurfs more than most, I've seen it happen many a time. and yes you can avoid being a "smurf amplifier" by not responding to broadcast pings. blocking icmp at the host level is still not going to help at all

> > Now if you do this for icmp going out, it will keep people from launching
> > attacks from your network *but* ICMP is a useful protocol, as I found out
> > when I blocked icmp, some routers need to tell machines to send smaller
> > packets, and will send messages to that effect using ICMP, if you are
> > running a website, this is especially true.
>
> Yeah, it breaks MTU Discovery and other actually useful bits. The rule
> could be more detailed.
>

true, I found out to my chagrin that MTU discovery didn't work and was causing problems when I blocked all icmp. Most people miss the point of icmp, it's not just for ping or traceroute.
> Doug White
> Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
>

___________________________________________________________________________
Pat Lynch                                                   lynch@rush.net
Systems Administrator                                      Rush Networking
"Wow, everyone looks different in Real Life (tm)" - Nathan Dorfman meeting people at FUNY
"Suicide is painless, switching to NT isn't." - Unknown
___________________________________________________________________________
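The thread's two practical points are that a host should not answer broadcast echo requests (the amplifier side, which `net.inet.icmp.bmcastecho=0` covers on FreeBSD) and that a blanket ICMP block breaks Path MTU Discovery, so "the rule could be more detailed". The following is an added illustration written for this archive page, not code from the mail or from FreeBSD: a small Python packet classifier that parses a raw IPv4+ICMP packet, verifies the ICMP checksum, drops echo requests aimed at the directed-broadcast or a multicast address, and permits the ICMP types a host actually depends on (destination unreachable including code 4 "fragmentation needed", time exceeded, echo reply). The local subnet `192.0.2.0/24`, the sample addresses and the packets are constructed for the example; the allow/deny policy is one reasonable reading of the discussion, not a vendor ruleset.

```python
import struct
import ipaddress

# Constructed example subnet (assumption, not from the mail): its directed-broadcast
# address is what a smurf amplifier abuses.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
FRAG_NEEDED = 4            # type 3 / code 4 is what Path MTU Discovery relies on
IPPROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (odd length zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_packet(src: str, dst: str, icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet carrying an ICMP message (test input for the filter)."""
    icmp = struct.pack("!BBH", icmp_type, code, 0) + payload
    icmp = struct.pack("!BBH", icmp_type, code, inet_checksum(icmp)) + payload
    total_len = 20 + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, IPPROTO_ICMP, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]   # header checksum at offset 10
    return ip + icmp


def parse_icmp(packet: bytes):
    """Return (src, dst, type, code) for an ICMP packet, None for non-ICMP; raise on a bad checksum."""
    if len(packet) < 24:
        raise ValueError("truncated packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP:
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    icmp = packet[ihl:]
    if len(icmp) < 4:
        raise ValueError("truncated ICMP header")
    if inet_checksum(icmp) != 0:          # a valid message sums to zero with its checksum field
        raise ValueError("bad ICMP checksum")
    return src, dst, icmp[0], icmp[1]


def filter_decision(packet: bytes) -> str:
    """'allow' or 'deny' for an inbound packet under a type-aware ICMP policy."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return "allow"                    # not ICMP; outside this filter's concern
    src, dst, icmp_type, code = parsed
    # Amplifier protection: never answer echo requests sent to broadcast or multicast
    # (the packet-filter equivalent of net.inet.icmp.bmcastecho=0).
    if icmp_type == ICMP_ECHO_REQUEST and (dst == LOCAL_NET.broadcast_address or dst.is_multicast):
        return "deny"
    # Messages a host needs to function: "fragmentation needed" (3/4) for PMTUD, other
    # unreachables, time exceeded (traceroute), and replies to its own pings.
    if icmp_type in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED, ICMP_ECHO_REPLY):
        return "allow"
    if icmp_type == ICMP_ECHO_REQUEST:
        return "allow"                    # unicast ping to a real host is fine
    return "deny"                         # everything else (timestamp, redirect, ...) off by default


if __name__ == "__main__":
    frag_needed = build_icmp_packet("192.0.2.1", "192.0.2.10", ICMP_DEST_UNREACH, FRAG_NEEDED, b"\x00\x00\x05\xdc")
    smurf_probe = build_icmp_packet("198.51.100.7", "192.0.2.255", ICMP_ECHO_REQUEST, 0, b"abcd")
    print("PMTUD message:", filter_decision(frag_needed))   # allow
    print("broadcast ping:", filter_decision(smurf_probe))  # deny
```

The value of the checksum step is that a filter decision made on a corrupted or truncated header is itself a failure mode; rejecting such packets before classifying them keeps the policy honest. The policy's default-deny for unlisted types is the "more detailed rule" alternative to blocking ICMP wholesale.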