Date: Sun, 16 Aug 1998 21:06:54 -0500 (CDT)
From: "Jasper O'Malley" <jooji@webnology.com>
To: Joao Paulo Campello <john@neoplanos.com.br>
Cc: security@FreeBSD.ORG
Subject: Re: hosts.deny/allow & ICMP Attacks
Message-ID: <Pine.LNX.4.02.9808162101070.30290-100000@mercury.webnology.com>
In-Reply-To: <3.0.5.32.19980816210952.007c5b20@neoplanos.com.br>

On Sun, 16 Aug 1998, Joao Paulo Campello wrote:
> #1
>
> Does anybody here know if there's any way to break hosts.deny/allow
> protection in BSD or even Linux Systems?
Find an exploit in tcpd or otherwise gain root on the system in question.
> #2
>
> Is there any filter/firewall/thing I can do for blocking ICMP Attacks?
> Like ICMP Type 8 (PING) or ICMP Type 3 (UNREACH) ?!?! Ooho, sorry... I know
> I can use *ipfw* to filter these packets and not to respond the PING, for
> example... But in this way my incoming link would be fully filled anyway...
> So how can I filter in the router level, and be sure the PINGs will not
> fill my incoming link?
Most modern routers provide packet filtering capabilities (a la ipfw); the
better routers can do it at wire speed. With a Cisco, for instance, you
can use an access-list to drop all ICMP packets before they make it onto
your internal network. At that point, you only have to worry about having
your external link flooded. If you have a decent router, even if your
external link is completely overrun with non-legit traffic, your internal
network should continue to work dandily (although you may not have
external connectivity).
Cheers,
Mick
The Reverend Jasper P. O'Malley dotdot:jooji@webnology.com
Systems Administrator ringring:asktheadmiral
Webnology, LLC woowoo:http://www.webnology.com/~jooji
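
The router-level filter described in the reply, written out as an added example that is not part of the original message: a Cisco IOS extended access list applied inbound on the external interface. The ACL number 101 and the interface name Serial0 are assumptions, and the first permit line is an addition that keeps path MTU discovery working where the reply describes dropping all ICMP.

```cisco
! Added example; ACL number 101 and interface Serial0 are assumed names.
!
! Keep ICMP "fragmentation needed" (type 3, code 4) so that path MTU
! discovery still works for TCP sessions crossing this router.
access-list 101 permit icmp any any packet-too-big
! Drop every other ICMP message arriving from the external link,
! including echo (type 8) and the remaining unreachables (type 3).
access-list 101 deny   icmp any any
! An extended ACL ends in an implicit "deny ip any any", so all
! non-ICMP traffic has to be permitted explicitly.
access-list 101 permit ip any any
!
! Apply the list to packets arriving on the external interface, so the
! dropped ICMP never reaches the internal network.
interface Serial0
 ip access-group 101 in
```

`show access-lists 101` prints a match count per entry, which shows how much ICMP the deny line is absorbing.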
