Date: Thu, 12 Aug 1999 09:38:39 -0700 From: Tom Brown <tomb@securify.com> To: Nick Rogness <nick@rapidnet.com>, "'Paul Hart'" <hart@iserver.com> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: RE: ipfw Message-ID: <01BEE4A6.75DBDD80@beetroot.securify.com>
next in thread | raw e-mail | index | archive | help
You can add a rule to block incoming ICMP replies but it's kind of = convenient to have ping. I get fine results by using natd with the -d = option that way you can still ping but incoming traffic is rejected = unless it was initialized from within, though not much help if it is a = "client" ipfw on a single box. Tom ---------- From: Paul Hart Sent: Thursday, August 12, 1999 2:40 AM To: Nick Rogness Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw On Thu, 12 Aug 1999, Nick Rogness wrote: > > what rules should I add to my ipfw ruleset to block out icmp=20 > > floods and smurf attacts, etc thanks. >=20 > For smurf attacks, I've done it 2 different ways before, assuming > your local net is 192.168.0.0/24: >=20 > # Permit traffic from local net 192.168.0.0/24 to broadcast addr. > ipfw add 1000 permit ip from 192.168.0.0/24 to 192.168.0.255/32 > # Deny log traffic from outside local net to local broadcast > ipfw add 2000 deny log ip from any to 192.168.0.255/32 in via de0 Doesn't that just stop you from being used as a smurf amplifier? I = think the original poster wanted to know how to defend against being a smurf victim, which is much more difficult. The best resources I've seen for understanding smurf attacks are: http://users.quadrunner.com/chuegen/smurf.cgi http://www.netscan.org/ http://www.powertech.no/smurf/ Defending against smurf attacks is hard because by the time you receive the smurf traffic on your network, much of the damage has already been done. And believe me, you WILL notice that something is happening when you're feeling the brunt of a 60 Mb/s sustained smurf attack. :-)=20 Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BEE4A6.75DBDD80>