Date: Mon, 27 Oct 2003 13:43:10 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Jason Stone <freebsd-security@dfmm.org>
Cc: security@freebsd.org
Subject: Re: Best way to filter "Nachi pings"?
Message-ID: <20031027114310.GA430@straylight.oblivion.bg>
In-Reply-To: <20031027030027.B8440@walter>
References: <200310270731.AAA23485@lariat.org> <20031027080240.GA9552@rot13.obsecurity.org> <20031027120642.A96390@trillian.santala.org> <20031027030027.B8440@walter>

On Mon, Oct 27, 2003 at 03:12:48AM -0800, Jason Stone wrote:
[snip]
> > > > Filtering packets by length on the other hand is a very nice feature
> > > > to have.
>
> > > As it happens, ipfw[2] does this anyway.
>
> Yes, ipfw2 (ie, on fbsd-5 boxes) has an "iplen" option that you can put in
> the body of your rule.  From the manpage:
>
>     iplen len
>         Matches IP packets whose total length, including header and
>         data, is len bytes.
>
> However, this isn't going to help most people with 4.x systems, so their
> best option is probably still to block all pings.

Actually, ipfw2 has been backported to -STABLE for quite a while,
and the iplen keyword has been present in -STABLE's src/sbin/ipfw/ipfw2.c
ever since ipfw2 was MFC'd (about July 2002).  You may want to take
a look at the ipfw(8) manual page, and specifically (as recommended at
the top of the manpage) the 'USING IPFW2 IN FreeBSD-STABLE' section
to see how you can actually use ipfw2 and 'iplen' in -STABLE :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradoxical.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031027114310.GA430>
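
To make the manpage's definition of iplen concrete, here is an added example (not code from this thread or from ipfw) that models the match in Python over constructed packets. The 92-byte length is an assumption, the size commonly reported for Nachi echo requests and not stated in this message; `build_ping` and `matches_rule` are hypothetical names.

```python
import struct

NACHI_IPLEN = 92        # assumption: not stated in the thread
ICMP_ECHO_REQUEST = 8
IPPROTO_ICMP = 1


def build_ping(payload_len, icmp_type=ICMP_ECHO_REQUEST, ip_options=b""):
    """Construct a minimal IPv4/ICMP packet as sample input (checksums left zero)."""
    ihl_words = 5 + len(ip_options) // 4
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\xaa" * payload_len
    total_len = ihl_words * 4 + len(icmp)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, total_len, 0, 0, 64, IPPROTO_ICMP, 0,
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),  # documentation addresses
    )
    return header + ip_options + icmp


def matches_rule(packet, iplen=NACHI_IPLEN, icmp_type=ICMP_ECHO_REQUEST):
    """True if the packet is ICMP of icmp_type and its IP total length equals iplen.

    The comparison uses the total-length field of the IP header, which counts
    the header (options included) plus data, as the manpage text describes.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) <= ihl or packet[9] != IPPROTO_ICMP:
        return False
    total_len = struct.unpack("!H", packet[2:4])[0]
    return total_len == iplen and packet[ihl] == icmp_type


if __name__ == "__main__":
    samples = {  # all constructed for this example
        "64-byte payload echo request": build_ping(64),
        "56-byte payload echo request": build_ping(56),
        "64-byte payload echo reply": build_ping(64, icmp_type=0),
        "60-byte payload + 4 bytes of IP options": build_ping(60, ip_options=b"\x01\x01\x01\x00"),
    }
    for name, pkt in samples.items():
        print(f"{name}: total={len(pkt)} match={matches_rule(pkt)}")
```

In an ipfw2 rule body the same condition is the pairing of `icmptypes 8` with `iplen 92`. The last sample shows why an ordinary ping with IP options can also hit a length-only match.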