Date: Thu, 12 Aug 1999 00:16:07 -0600 (MDT) From: Nick Rogness <nick@rapidnet.com> To: Jason Schwab <jschwab@telebot.com> Cc: freebsd-security@freebsd.org Subject: Re: ipfw Message-ID: <Pine.BSF.4.05.9908112204040.48871-100000@rapidnet.com> In-Reply-To: <37b234fe.c8.0@telebot.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Aug 1999, Jason Schwab wrote: > what rules should I add to my ipfw ruleset to block out icmp > floods and smurf attacts, etc thanks. For smurf attacks, I've done it 2 different ways before, assuming your local net is 192.168.0.0/24: # Permit traffic from local net 192.168.0.0/24 to broadcast addr. ipfw add 1000 permit ip from 192.168.0.0/24 to 192.168.0.255/32 # Deny log traffic from outside local net to local broadcast ipfw add 2000 deny log ip from any to 192.168.0.255/32 in via de0 or: # Deny log ICMP echo requests to broadcast from anywhere (1 line) ipfw add 2000 deny log icmp from any to 192.168.0.255/32 in via de0 icmptypes 8 Flood pinging is a bit more difficult. You probably can use DUMMYNET for this but I have never used it for that before, so I can't wave you in one direction or the other from using it. We block this garbage with our Cisco's so I'm not sure on it. But look in LINT at 'options ICMP_BANDLIM' or the sysctl switch. ******************************************************************* Nick Rogness Shaw's Principle: System Administrator Build a system that even a fool RapidNet, INC can use, and only a fool will nick@rapidnet.com want to use it. ******************************************************************* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9908112204040.48871-100000>