Date: Tue, 26 Mar 1996 10:51:43 -0500 From: dennis@etinc.com (dennis) To: Darren Reed <avalon@coombs.anu.edu.au> Cc: hackers@freebsd.org Subject: Re: Restricting ping -s and -l Message-ID: <199603261551.KAA06239@etinc.com>
next in thread | raw e-mail | index | archive | help
>In some mail from Brian Tao, sie said: >> >> Are there any good reasons why a non-root user should need the -s >> and -l options in ping? I've had problems in the past with users >> starting up a dozen "ping -s 8000"'s to a foreign site, saturating our >> own T1 to the net. Who needs ping -f when you can control the packet >> size. :( >> >> I can't really think of any legitimate reason for allowing -s and >> -l to unprivileged user, but before I modify the source, I figured I'd >> ask around first. :) > >Do you stop them sending arbitary 8000 byte UDP packets ? > >Or is it the reurns which hurt ? Hack the host (or better yet the router) to discard all ping packets with a sequence number greater than (say 5). You don't want to restrict pings altogether, but theres rarely a good reason to send more than a few. Its real nice to do this in the router because it will keep other people from pinging you and eating up your bandwidth. Dennis ---------------------------------------------------------------------------- Emerging Technologies, Inc. http://www.etinc.com Synchronous Communications Cards and Routers For Discriminating Tastes. 56k to T1 and beyond. Frame Relay, PPP, HDLC, and X.25 for BSD/OS, FreeBSD and LINUX
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603261551.KAA06239>