Date: Mon, 27 Oct 2003 16:06:44 +0800
From: "Francis A. Vidal" <francisv-sender-21ebc3@irc.dagupan.com>
To: <freebsd-security@freebsd.org>
Subject: RE: Best way to filter "Nachi pings"?
Message-ID: <1067242009.66521.TMDA@irc.dagupan.com>
In-Reply-To: <20031027080240.GA9552@rot13.obsecurity.org>

Wouldn't it break stuff like traceroute?

-----Original Message-----
From: Kris Kennaway [mailto:kris@obsecurity.org]
Sent: Monday, October 27, 2003 4:03 PM
To: Brett Glass
Cc: security@freebsd.org
Subject: Re: Best way to filter "Nachi pings"?

On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?

Block all ping packets? Most security-conscious admins do this anyway.

Kris