Date:      Mon, 28 May 2001 19:15:15 +0200
From:      "Retal" <lirandb@netvision.net.il>
To:        <freebsd-security@freebsd.org>
Subject:   Re: filter-prohib/reset <-- not working
Message-ID:  <006501c0e799$c37967e0$b88f39d5@a>
References:  <002c01c0e798$2cd55e80$b88f39d5@a>

Oh, and I forgot one more thing: when I'm denying ICMP packets, should I use unreach filter-prohib or unreach host?
Is there any difference? I mean, when I'm getting a hard ICMP flood (ping -f -s), will any of them help keep my machine from going down? Because, as I've seen, my firewall isn't helping so much against ICMP attacks, even when I'm doing this:
ipfw add 900 allow icmp from 213.57.143.1 (MY IP)
ipfw add 901 unreach host/unreach filter-prohib icmp from any to any

Best regards, and thanks,

                 Liran Dahan (lirandb@netvision.net.il)
  ----- Original Message -----
  From: Retal
  To: freebsd-security@FreeBSD.ORG
  Sent: Monday, May 28, 2001 7:03 PM
  Subject: filter-prohib/reset <-- not working


  I'm trying everything.
  I added rules like: add reset tcp from any to any, or add unreach filter-prohib tcp from any to any.
  It is still taking like 30 seconds till I get Connection refused...
  What could be the problem?

  (The rules are in their place)

  Best regards,

                        Liran Dahan (lirandb@netvision.net.il)


