From: "Retal" (lirandb@netvision.net.il)
To: freebsd-security@FreeBSD.ORG
Subject: Re: filter-prohib/reset <-- not working
Date: Mon, 28 May 2001 19:15:15 +0200
Message-ID: <006501c0e799$c37967e0$b88f39d5@a>
References: <002c01c0e798$2cd55e80$b88f39d5@a>

Oh, and I forgot one more thing. When I'm denying ICMP packets, should I use unreach filter-prohib or unreach host?
Is there any difference? I mean, when I'm getting a hard ICMP flood (ping -f -s), will any of them help keep my machine from going down? Because, like I've seen, my firewall isn't helping so much against ICMP attacks, even when I'm doing this:

    ipfw add 900 allow icmp from 213.57.143.1 (MY IP)
    ipfw add 901 unreach host/unreach filter-prohib icmp from any to any

Best regards, and thanks,
Liran Dahan (lirandb@netvision.net.il)

----- Original Message -----
From: Retal
To: freebsd-security@FreeBSD.ORG
Sent: Monday, May 28, 2001 7:03 PM
Subject: filter-prohib/reset <-- not working

I'm trying everything. I added rules like: add reset tcp from any to any, or add unreach filter-prohib tcp from any to any. It is still taking like 30 seconds till I get Connection refused...
What could be the problem?

(The rules are in their place)

Best regards,
Liran Dahan (lirandb@netvision.net.il)