Date: Tue, 4 May 1999 15:07:57 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Pat Lynch <lynch@rush.net> Cc: Fadi Sodah <sodah@qatar.net.qa>, freebsd-questions@FreeBSD.ORG Subject: Re: ICMP-attack Message-ID: <Pine.BSF.4.03.9905041506020.28350-100000@resnet.uoregon.edu> In-Reply-To: <Pine.BSF.4.05.9905031628510.995-100000@bytor.rush.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 May 1999, Pat Lynch wrote: > DOug, that actually won't work, the only way to make smurfs useless is to > get enough bandwidth to handle the attack, or have your upstream filter > for you, the only thing thios solves is DoS on the local net, but any > communication in or out the gateway is still going to be impossible. Er? If you filter ICMP at your router, the pings (or whatever) can't reach their intended target. If you want to completely foil smurfs on your FreeBSD boxen, set sysctl net.inet.icmp.bmcastecho=0. > Now if you do this for icmp going out, it will keep people from launching > attacks from your network *but* ICMP is a useful protocol, as I found out > when I blocked icmp, some routers need to tell machines to send smaller > packets , and will send messages to that effect using ICMP, if you are > running a website, this is especially true. Yeah, it break MTU Discovery and other actually useful bits. The rule could be more detailed. Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9905041506020.28350-100000>