Date: Wed, 8 Mar 2000 22:18:50 +0100 (CET) From: Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de> To: freebsd-hackers@FreeBSD.ORG Subject: Re: Block out PING. Message-ID: <200003082118.WAA39164@dorifer.heim3.tu-clausthal.de> In-Reply-To: <8a5dvp$15dg$1@atlantis.rz.tu-clausthal.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Kasper <kasper@swebase.com> wrote in list.freebsd-hackers: > Is there any way to stop the machine to answer on ping, so that my machine > doenst answer on any ping? My server has been ping attacked a few times. I'd recommend that you add options "ICMP_BANDLIM" to your kernel. This will limit the amount of ICMP replies that your machine is sending out, without turning off ICMP completely (which would be a _very_ bad thing). You can tune the bandwidth limit with sysctl net.inet.icmp.icmplim. However, if the _incoming_ ICMP packets are already filling up your line and causing trouble, there's nothing that you could do against it on your side, I'm afraid. Then you should try to track down who's attacking you, and get those bad boys LARTed. You could also try to ask your ISP for help. Regards Oliver PS: "Pings" are just a particular type of ICMP packets (ICMP ECHO requests and ICMP ECHO replies, respectively). -- Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany (Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de) "In jedem Stück Kohle wartet ein Diamant auf seine Geburt" (Terry Pratchett) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003082118.WAA39164>