Date: Sun, 16 Aug 1998 21:06:54 -0500 (CDT)
From: "Jasper O'Malley" <jooji@webnology.com>
To: Joao Paulo Campello <john@neoplanos.com.br>
Cc: security@FreeBSD.ORG
Subject: Re: hosts.deny/allow & ICMP Attacks
Message-ID: <Pine.LNX.4.02.9808162101070.30290-100000@mercury.webnology.com>
In-Reply-To: <3.0.5.32.19980816210952.007c5b20@neoplanos.com.br>
On Sun, 16 Aug 1998, Joao Paulo Campello wrote:

> #1
>
> Does anybody here know if there's any way to break hosts.deny/allow
> protection in BSD or even Linux Systems?

Find an exploit in tcpd or otherwise gain root on the system in question.

> #2
>
> Is there any filter/firewall/thing I can do for blocking ICMP Attacks?
> Like ICMP Type 8 (PING) or ICMP Type 3 (UNREACH) ?!?! Ooho, sorry... I know
> I can use *ipfw* to filter these packets and not to respond to the PING, for
> example... But in this way my incoming link would be fully filled anyway...
> So how can I filter in the router level, and be sure the PINGs will not
> fill my incoming link?

Most modern routers provide packet filtering capabilities (a la ipfw); the
better routers can do it at wire speed. With a Cisco, for instance, you can
use an access-list to drop all ICMP packets before they make it onto your
internal network. At that point, you only have to worry about having your
external link flooded. If you have a decent router, even if your external
link is completely overrun with non-legit traffic, your internal network
should continue to work dandily (although you may not have external
connectivity).

Cheers,
Mick

The Reverend Jasper P. O'Malley          dotdot:jooji@webnology.com
Systems Administrator                    ringring:asktheadmiral
Webnology, LLC                           woowoo:http://www.webnology.com/~jooji

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
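
The router-level filter the reply describes, as an added example that is not part of the original message: a Cisco IOS extended access list applied inbound on the external interface. The list number 101 and the interface name Serial0 are assumptions, and the packet-too-big exception is an optional refinement that goes beyond the "drop all ICMP" case in the reply.

```cisco
! Added example; list number 101 and interface Serial0 are assumed,
! not taken from the message.
! Extended ACL entries are evaluated top-down, first match wins,
! and an implicit "deny ip any any" ends every list.
!
! Optional: let "fragmentation needed" (type 3 code 4) through so path MTU
! discovery keeps working for hosts behind the router. Remove the next line
! to drop every ICMP packet, as the reply suggests.
access-list 101 permit icmp any any packet-too-big
! Drop all remaining ICMP, including echo (type 8) and unreachable (type 3).
access-list 101 deny   icmp any any
! Pass everything else, otherwise the implicit deny blocks all traffic.
access-list 101 permit ip any any
!
interface Serial0
! Filter packets as they arrive from the upstream link, before they are
! routed onto the internal network.
 ip access-group 101 in
! Do not answer each filtered packet with an ICMP "administratively
! prohibited" message; under a flood those replies would load the
! outbound direction of the link as well.
 no ip unreachables
```

`show access-lists 101` prints per-entry match counters, which shows how much ICMP the filter is discarding. As the reply notes, this protects the internal network only; the flood still occupies the external link up to the router.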