From owner-freebsd-security  Thu Nov  2 10:33:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65])
	by hub.freebsd.org (Postfix) with ESMTP id D757537B4C5
	for <security@FreeBSD.ORG>; Thu,  2 Nov 2000 10:33:15 -0800 (PST)
Received: from umktgghc (host-209-214-44-97.mob.bellsouth.net [209.214.44.97])
	by post.webmailer.de (8.9.3/8.8.7) with SMTP id TAA15268;
	Thu, 2 Nov 2000 19:30:08 +0100 (MET)
Message-Id: <200011021830.TAA15268@post.webmailer.de>
From: "Moritz Hardt" <mhardt@morix.de>
To: "Buliwyf McGraw" <buliwyf@libertad.univalle.edu.co>,
	"security@FreeBSD.ORG" <security@FreeBSD.ORG>
Date: Thu, 02 Nov 2000 12:29:51 -0500
Reply-To: "Moritz Hardt" <mhardt@morix.de>
X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 98 (4.10.1998)
In-Reply-To: <Pine.BSF.4.21.0011021222030.4623-100000@libertad.univalle.edu.co>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Console Message II
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 2 Nov 2000 13:05:50 -0500 (COT), Buliwyf McGraw wrote:

>
> In this moment i am using ipf in the box which is showing de message:
> "icmp-response bandwidth limit".
> It doesnt happen all time, just some days for a few 
> When the message appears, the "System Load" grows to 5 or more, until
> the server crash!

Normally those messages orcur, if someone portscans you or piung
floods you. But the fact that the server crashes, seems to me like
you are vulnerable to DOS-attack. Look wich services on your system
are running and could be vulnerable. 

> My question is:
>
> If i put this line in my "ipf rules" file: 
> block in proto icmp all
>
> What kind of problems could i get for this restriction???

Be careful with that!! It is not a good idea to block the whole icmp,
since important control messages would be blocked. such as the
echo-request (ping). I think it would stop it, but that's really a
way you shouldnt go.

>
>=======================================================================
> Buliwyf McGraw
> Administrador del Servidor Libertad
> Centro de Servicios de Informacion
> Universidad del Valle
>=======================================================================
>
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message