Date: Mon, 28 May 2001 19:15:15 +0200 From: "Retal" <lirandb@netvision.net.il> To: <freebsd-security@freebsd.org> Subject: Re: filter-prohib/reset <-- not working Message-ID: <006501c0e799$c37967e0$b88f39d5@a> References: <002c01c0e798$2cd55e80$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Oh and i forgot one more thing, When im denying ICMP Packets.. should i use unreach filter-prohib or unreach host?
Is there any difference? i mean when im getting hard ICMP Flood (ping -f -s) are any of them will help me from getting my machine down? because like i've seen my firewall isnt helping soo much against ICMP attacks, even when im doing this:
ipfw add 900 allow icmp from 213.57.143.1 (MY IP)
ipfw add 901 unreach host/unreach filter-prohib icmp from any to any
Best regards, And thanks,
Liran Dahan (lirandb@netvision.net.il)
----- Original Message -----
From: Retal
To: freebsd-security@FreeBSD.ORG
Sent: Monday, May 28, 2001 7:03 PM
Subject: filter-prohib/reset <-- not working
Im trying everything,
i added rules like : add reset tcp from any to any, or add unreach filter-prohib tcp from any to any
it is still taking like 30 seconds till i get Connection refused...
What could be the problem ?
(The rules are in their place)
Best regards,
Liran Dahan (lirandb@netvision.net.il)
[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1255" http-equiv=Content-Type>
<META content="MSHTML 5.00.2919.6307" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Oh and i forgot one more thing, When im denying
ICMP Packets.. should i use unreach filter-prohib or unreach host?</FONT></DIV>
<DIV><FONT face=Arial size=2>Is there any difference? i mean when im getting
hard ICMP Flood (ping -f -s) are any of them will help me from getting my
machine down? because like i've seen my firewall isnt helping soo much against
ICMP attacks, even when im doing this:</FONT></DIV>
<DIV><FONT face=Arial size=2>ipfw add 900 allow icmp from 213.57.143.1 (MY IP)
</FONT></DIV>
<DIV><FONT face=Arial size=2>ipfw add 901 unreach host/unreach filter-prohib
icmp from any to any</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Best regards, And thanks, </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial
size=2>
Liran Dahan (<A
href="mailto:lirandb@netvision.net.il">lirandb@netvision.net.il</A>)</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A href="mailto:lirandb@netvision.net.il"
title=lirandb@netvision.net.il>Retal</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:freebsd-security@FreeBSD.ORG"
title=freebsd-security@FreeBSD.ORG>freebsd-security@FreeBSD.ORG</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, May 28, 2001 7:03 PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> filter-prohib/reset <-- not
working</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Arial size=2>Im trying everything,</FONT></DIV>
<DIV><FONT face=Arial size=2>i added rules like : add reset tcp from any to
any, or add unreach filter-prohib tcp from any to any</FONT></DIV>
<DIV><FONT face=Arial size=2>it is still taking like 30 seconds till i get
Connection refused...</FONT></DIV>
<DIV><FONT face=Arial size=2>What could be the problem ? </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>(The rules are in their place)</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Best
regards, </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial
size=2> Liran
Dahan (<A
href="mailto:lirandb@netvision.net.il">lirandb@netvision.net.il</A>)</FONT></DIV></BLOCKQUOTE></BODY></HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006501c0e799$c37967e0$b88f39d5>