Date: Wed, 27 May 1998 23:41:40 GMT From: mike@sentex.net (Mike Tancsa) To: cschuber@uumail.gov.bc.ca Cc: freebsd-security@FreeBSD.ORG Subject: Re: SMURF in 2.2.5 Message-ID: <356ca296.243683658@mail.sentex.net> In-Reply-To: <199805271623.JAA05578@passer.osg.gov.bc.ca> References: <199805271623.JAA05578@passer.osg.gov.bc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 27 May 1998 09:22:50 -0700, in sentex.lists.freebsd.misc you wrote: >What about ipfw? For example, where 123.123.123.0 is your network >address, > >ipfw add deny icmp from 123.123.123.0 to any >ipfw add deny icmp from 123.123.123.255 to any You dont really want to disable all ICMP traffic as it will break some things... If you want to prevent pings from flowing through your FreeBSD box, you can specify something like ipfw add 4000 deny log icmp from any to any icmptype 0,8 to stop echo and echo reply... Also, this does nothing to prevent you from being SMURF attacked.. It only would help prevent you from being used as a source. Think about it, if your network is something like UPSTREAM --------DS1 link ---------your gateway The flood of packets will traverse your DS1 only to be stopped at "your gateway".. bye bye DS1 bandwidth... ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?356ca296.243683658>