From owner-freebsd-security  Wed Dec  8  7:27:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from grisu.bik-gmbh.de (grisu.bik-gmbh.de [194.233.237.82])
	by hub.freebsd.org (Postfix) with ESMTP id DB2BF14D47
	for <freebsd-security@FreeBSD.ORG>; Wed,  8 Dec 1999 07:27:37 -0800 (PST)
	(envelope-from cracauer@counter.bik-gmbh.de)
Received: from counter.bik-gmbh.de (counter.bik-gmbh.de [194.233.237.131])
	by grisu.bik-gmbh.de (8.9.3/8.9.3) with ESMTP id QAA08492;
	Wed, 8 Dec 1999 16:27:24 +0100 (MET)
Received: (from cracauer@localhost)
	by counter.bik-gmbh.de (8.9.3/8.8.8) id QAA78167;
	Wed, 8 Dec 1999 16:26:30 +0100 (CET)
	(envelope-from cracauer)
Date: Wed, 8 Dec 1999 16:26:13 +0100
From: Martin Cracauer <cracauer@cons.org>
To: Jonas Eriksson <je@interact.se>
Cc: retal <retal@ns.navon.org.il>, freebsd-security@FreeBSD.ORG
Subject: Re: Attacked By ICMP Packets
Message-ID: <19991208162613.A78075@cons.org>
References: <Pine.BSF.4.20.9912081416240.347-100000@ns.navon.org.il> <owner-freebsd-securityATFreeBSD.ORG--Pine.BSF.4.10.9912081348100.95063-100000@wolfie.interact.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <owner-freebsd-securityATFreeBSD.ORG--Pine.BSF.4.10.9912081348100.95063-100000@wolfie.interact.se>; from Jonas Eriksson on Wed, Dec 08, 1999 at 02:30:19PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In <owner-freebsd-securityATFreeBSD.ORG--Pine.BSF.4.10.9912081348100.95063-100000@wolfie.interact.se>, Jonas Eriksson wrote: 
> On Wed, 8 Dec 1999, retal wrote:
> 
> > Hi there,
> > I'm getting icmped and smurfed twice a week and when it does happen
> > My LAN is dead ... , i ran a firewall but still it doesnt help...
> > any suggestions? 
> > 
> 
> Contact your provider, and let them block icmp to your net. 

Aehm, you need some ICMP, i.e. MTU discovery.

The usual attack packets are oversized ping packets. You may let them
filter on that criterium.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@bik-gmbh.de> http://www.bik-gmbh.de/~cracauer/
"Where do you want to do today?" Hard to tell running your calendar 
 program on a junk operating system, eh?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message