Date: Mon, 27 Oct 2003 00:02:40 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Brett Glass <brett@lariat.org> Cc: security@freebsd.org Subject: Re: Best way to filter "Nachi pings"? Message-ID: <20031027080240.GA9552@rot13.obsecurity.org> In-Reply-To: <200310270731.AAA23485@lariat.org> References: <200310270731.AAA23485@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote: > We're being ping-flooded by the Nachi worm, which probes subnets for > systems to attack by sending 92-byte ping packets. Unfortunately, > IPFW doesn't seem to have the ability to filter packets by length. > Assuming that I stick with IPFW, what's the best way to stem the > tide? Block all ping packets? Most security-conscious admins do this anyway. Kris --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/nNEgWry0BWjoQKURAtthAJ4gTe6CHlnlpBh6U9wB/xP3mdlQPgCggN/L 5fHSG5lqIIcbEOhS+det7XE= =7djy -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031027080240.GA9552>