From: Roger Marquis
To: security@FreeBSD.ORG
Date: Fri, 23 Mar 2001 08:19:42 -0800 (PST)
Subject: Re: DoS attack - advice needed

"Antonio Carlos Pina" wrote:
>Source quench is supposed to be needed but is bad (big security risks). You
>should avoid it.

Source quench is bad? Could you elaborate? Also, what is the
difference between an ICMP flood and a TCP or UDP flood?

This topic comes up in comp.protocols.tcp-ip from time to time and
the common wisdom recommends allowing icmptypes 0,3,4,8, and 11. I
have not yet seen a good reason not to allow these icmptypes yet
posted to this forum.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

>> I'd like to say to allow the following icmptypes:
>>
>> 3 (destination unreachable)
>> 4 (source quench)
>> 11 (ttl exceeded)
>> 12 (ip header bad)