Date: Sun, 13 Apr 1997 11:53:15 -0500
From: "Jeffrey J. Mountin" <sysop@mixcom.com>
To: Adrian Chadd <adrian@obiwan.aceonline.com.au>
Cc: Anthony Barlow <tony@warp.co.uk>, freebsd-questions@FreeBSD.ORG
Subject: Re: Firewalling large ICMP packets..
Message-ID: <3.0.32.19970413115314.00d09a64@mixcom.com>
At 09:12 PM 4/13/97 +0800, Adrian Chadd wrote:
>I *KNOW* that bit *grin*

Odd all this talk here and elsewhere... what do I find in my mail (at home even) a thing about Redhat. Have a set of CDs, but they're old and dusty. Have to dust them and use them for coasters. Just like the IE 2.0 admin coaster on my desk. 8-)

>I'm not worried about our machines dying, I'm worried about people ping
>flooding our modems, both internally (user - user) and externally (world -
>user / machine). All a user has to do to ping flood another user off is
>say hit them with a 4kb ping packet from a decently-connected host to the
>net.

Some might call you a communist, but you can and probably should filter ICMP ping to dial-up from the world, not internal, as you may want to see if someone is alive. You may be able to protect dial-ups from each other. Working on other things, but some day...

>Also - I've logged a couple gig of ICMPs going to our dialups over the
>week, and that's a lot in Australian dollars. When people don't see ping
>replies, 9 times out of 10 they stop thinking they've done the deed.

Ouch! Just for fun the other day I flooded a friend as he was checking mail, poof, ring, "yes..", or sorry, did your mail time out? <g> "No route to host" works better.

If you logged it, did you send a message to the owner? Along with a bill, which they could pass to their user(s).

>I'm pretty sure the cisco 2501 could do that.. but I don't think this is
>the list to ask how to play with IOS (unless of course, someone has
>already done it :)

Easily. And it should be, along with a slew of other things to filter.

One thing I like for security on 2.2.1 was the default inetd.conf with almost all services commented out. The log for ports related to NFS is growing and I've found some hits to RADIUS recently, as well as the usual spoofing in or out, and mail to websites is on the rise, which is just another reason why I don't allow MX for www.<domain>, and once customers understand it, they like it.
-------------------------------------------
Jeff Mountin - System/Network Administrator
jeff@mixcom.net
MIX Communications
Serving the Internet since 1990
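Added example, not from the original message or its author: a Cisco IOS extended access list of the kind the thread alludes to, dropping ICMP echo requests from the outside world toward a dial-up pool while leaving internal pings and the dial-ups' own outbound pings untouched. The addresses are assumed placeholders from the RFC 5737 documentation ranges and the interface name is assumed.

```cisco
! Added example (not the original poster's configuration). Assumed placeholders:
!   dial-up pool = 192.0.2.0/24   (RFC 5737 documentation range)
!   internal LAN = 198.51.100.0/24 (RFC 5737 documentation range)
!   Serial0      = the upstream link toward the rest of the Internet
!
! Applied inbound on the upstream link, so pings from the internal LAN to a
! dial-up never cross this list and still work for "is the line alive" checks.
! Echo requests from the world toward the pool are dropped and logged, so the
! source and volume of a flood can be reviewed (and, as suggested above, billed).
access-list 101 deny   icmp any 192.0.2.0 0.0.0.255 echo log
! Echo replies are not matched, so a dial-up user's own outbound pings still
! get their answers back.
access-list 101 permit ip any any
!
interface Serial0
 ip access-group 101 in
! Note: for a packet an ACL denies, IOS answers with an ICMP unreachable
! (administratively prohibited) unless "no ip unreachables" is set on the
! interface; that reply is what tells a flooder the packets are going nowhere.
```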