From owner-freebsd-security Thu Dec 16 23:21:56 1999 Delivered-To: freebsd-security@freebsd.org Received: from mls.gtonet.net (mls.gtonet.net [216.112.90.195]) by hub.freebsd.org (Postfix) with ESMTP id 9D59514DB9 for ; Thu, 16 Dec 1999 23:21:51 -0800 (PST) (envelope-from freebsd@gtonet.net) Received: from pld (holeyman@pld.gtonet.net [216.112.90.200]) by mls.gtonet.net (8.9.3/8.9.3) with SMTP id XAA12793 for ; Thu, 16 Dec 1999 23:21:50 -0800 (PST) (envelope-from freebsd@gtonet.net) From: "FreeBSD" To: "freebsd-security@FreeBSD. ORG" Subject: RE: Attacked By ICMP Packets Date: Thu, 16 Dec 1999 23:22:08 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Depending on the attack you might not be able to stop it even if you filter the packets. If the attacker can send more packets than your bandwidth can handle, for example. No matter how fast you drop them, they still exceed your bandwidth, thus you die. Avoiding IRC will reduce your smurfs usually or you can just avoid pissing people off or channels that are prone to attacks. FreeBSD freebsd@gtonet.net "LinSUX is only free if your time is worthless" > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of BSDman > Sent: Thursday, December 16, 1999 6:40 AM > To: retal; freebsd-security@FreeBSD.ORG > Subject: RE: Attacked By ICMP Packets > > > > I'm getting icmped and smurfed twice a week and when it does happen > > My LAN is dead ... , i ran a firewall but still it doesnt help... > > any suggestions? > > what firewall are you running? on top of which OS? > why is your LAN dead? do you allow inbound icmp packets to pass > accross your firewall? generally, you should only allow icmp > packets to the > firewall > (unless you have public addresses in your LAN and you do not NAT > them at the > firewall). > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message