Date:      Thu, 12 Aug 1999 14:41:18 -0500 (CDT)
From:      Chris Malayter <mustang@TeraHertz.Net>
To:        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   RE: ipfw
Message-ID:  <Pine.BSF.4.05.9908121439260.51569-100000@saturn.terahertz.net>
In-Reply-To: <Pine.BSF.4.05.9908121309450.51354-100000@rapidnet.com>

In order to truly isolate your LAN, you would need to propagate those
rules to your upstream provider's border router, since if it makes it to
your gateway, your link is essentially saturated.  In my experience anyway.

Regards,

Chris Malayter


Mustang@TeraHertz.Net

-------------------------------------------------------------------------
Administrator, TeraHertz Communications		| 			|
						| InterNIC CM3647	|
Chief Engineer - 95.1 WVUR - Valparaiso,Indiana |			|
-------------------------------------------------------------------------

"Behavior is hard to change...but character is nearly impossible"
 

On Thu, 12 Aug 1999, Nick Rogness wrote:

> On Thu, 12 Aug 1999, Tom Brown wrote:
> 
> > > > what rules should I add to my ipfw ruleset to block out icmp 
> > > > floods and smurf attacks, etc.  Thanks.
> > > 
> > > For smurf attacks, I've done it 2 different ways before, assuming
> > > your local net is 192.168.0.0/24:
> > > 
> > >    # Permit traffic from local net 192.168.0.0/24 to broadcast addr.
> > >    ipfw add 1000 permit ip from 192.168.0.0/24 to 192.168.0.255/32
> > >    # Deny log traffic from outside local net to local broadcast
> > >    ipfw add 2000 deny log ip from any to 192.168.0.255/32 in via de0
> > 
> > Doesn't that just stop you from being used as a smurf amplifier?  I think
> > the original poster wanted to know how to defend against being a smurf
> > victim, which is much more difficult.  The best resources I've seen for
> 
> 	No this DENIES anyone from outside trying to hit the broadcast on
> 	your local net.  How are they supposed to hit your broadcast if it
> 	is blocked at your gateways? I was assuming that this FreeBSD
> 	machine IS the 'gateway' to his internal network and there was no
> 	other path into his local net. In the example I gave de0 is the
> 	outside interface to the world and his entire LAN is behind that.
> 	That will stop Smurf & Fraggle attacks from outside to his Local
> 	LAN.  This attack should be blocked on ALL outside gateways or
> 	your local net will get nailed.
> 
> 	I'm not concerned with anyone from the local LAN smurf attacking
> 	the local LAN because they will be affected just as well.
> 	However, you could add ipfw entries to DETECT this activity, but
> 	not block it.
> 
> *******************************************************************
> Nick Rogness		     Shaw's Principle:
> System Administrator	       Build a system that even a fool
> RapidNet, INC   	       can use, and only a fool will
> nick@rapidnet.com	       want to use it.
> *******************************************************************
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
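As an added example (not Nick's or Chris's code, and not part of the original thread), the following script turns the two rules Nick gave into a small generator that works for any /24, and adds the detection-only counters he mentions for LAN-originated broadcast traffic. It assumes, as Nick did, that the FreeBSD box is the only gateway and that the second argument (de0 by default) is the outside interface; the rule numbers, the all-ones broadcast rule and the UDP echo/chargen counter are additions of this example. It prints the ipfw(8) commands rather than applying them so the ruleset can be reviewed before being piped into sh.

```shell
#!/bin/sh
# Added example, not from the thread: generate the ipfw(8) rules Nick
# describes for any a.b.c.0/24 and add detection-only counters.
# Assumptions (not stated in the thread): this FreeBSD box is the only
# gateway, $2 is its outside interface, and rule numbers are arbitrary.

# Directed-broadcast address of a /24 given as "a.b.c.0/24".
bcast24() {
    case $1 in
        *.0/24) ;;
        *) echo "bcast24: expected a.b.c.0/24, got '$1'" >&2; return 1 ;;
    esac
    net=${1%/24}
    echo "${net%.*}.255"
}

# Print the ruleset instead of applying it, so it can be reviewed first.
# $1 = local net (a.b.c.0/24), $2 = outside interface, $3 = ipfw command.
smurf_rules() {
    lan=$1; oif=$2; fw=${3:-ipfw}
    bc=$(bcast24 "$lan") || return 1
    # Detection only (Nick's suggestion): count echo requests and UDP
    # echo/chargen from the LAN to its own broadcast. These must precede
    # the permit at 1000 or they never match; read them with 'ipfw -a list'.
    echo "$fw add 900 count icmp from $lan to $bc/32 icmptypes 8"
    echo "$fw add 910 count udp from $lan to $bc/32 7,19"
    # LAN hosts may still talk to their own broadcast address.
    echo "$fw add 1000 permit ip from $lan to $bc/32"
    # Anything arriving on the outside interface for the LAN broadcast is
    # exactly what a smurf (ICMP) or fraggle (UDP) amplifier needs: drop
    # and log it. The all-ones broadcast gets the same treatment.
    echo "$fw add 2000 deny log ip from any to $bc/32 in via $oif"
    echo "$fw add 2100 deny log ip from any to 255.255.255.255/32 in via $oif"
}

# Stand-alone use: sh smurf_rules.sh 192.168.0.0/24 de0 | sh
smurf_rules "${1:-192.168.0.0/24}" "${2:-de0}"
```

As Chris points out, these rules stop the box from acting as an amplifier and keep outside broadcast traffic off the LAN, but they do nothing for the upstream link itself: packets that reach the gateway have already consumed its bandwidth, so the deny rule only limits the damage behind it.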

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9908121439260.51569-100000>