Date: Wed, 8 Mar 2000 22:18:50 +0100 (CET) From: Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de> To: freebsd-hackers@FreeBSD.ORG Subject: Re: Block out PING. Message-ID: <200003082118.WAA39164@dorifer.heim3.tu-clausthal.de> In-Reply-To: <8a5dvp$15dg$1@atlantis.rz.tu-clausthal.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Kasper <kasper@swebase.com> wrote in list.freebsd-hackers:
> Is there any way to stop the machine to answer on ping, so that my machine
> doenst answer on any ping? My server has been ping attacked a few times.
I'd recommend that you add
options "ICMP_BANDLIM"
to your kernel. This will limit the amount of ICMP replies that
your machine is sending out, without turning off ICMP completely
(which would be a _very_ bad thing). You can tune the bandwidth
limit with sysctl net.inet.icmp.icmplim.
However, if the _incoming_ ICMP packets are already filling up
your line and causing trouble, there's nothing that you could do
against it on your side, I'm afraid. Then you should try to
track down who's attacking you, and get those bad boys LARTed.
You could also try to ask your ISP for help.
Regards
Oliver
PS: "Pings" are just a particular type of ICMP packets (ICMP
ECHO requests and ICMP ECHO replies, respectively).
--
Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany
(Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de)
"In jedem Stück Kohle wartet ein Diamant auf seine Geburt"
(Terry Pratchett)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003082118.WAA39164>