Date: Wed, 13 Aug 2003 22:01:03 +1000 (EST) From: Andy Farkas <andyf@speednet.com.au> To: Mark <admin@asarian-host.net> Cc: freebsd-questions@freebsd.org Subject: Re: Restricting ICMP Message-ID: <20030813215540.T90272-100000@hewey.af.speednet.com.au> In-Reply-To: <200308130956.H7D9U28E022832@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark wrote:
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an excessive ping attack on one of his buddies. And, naturally, I want
> to prevent that. The chmod u-s idea mentioned here, was a good idea. Except
> that, prefereably, I'd like all of wheel to have access, and the rest not.
> And that may be harder to implement.
If your users play up, put your BOFH hat on and lart them.
chmod'ing /sbin/ping is useless - users can compile their own version of
ping.
Make your users aware that abusing ping (and other net resources) will get
them kicked and banned from your system.
--
:{ andyf@speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030813215540.T90272-100000>