Date:      Tue, 29 Feb 2000 00:14:44 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group)
Cc:        cjclark@home.com, lev@imc.macro.ru (Lev Serebryakov), freebsd-security@FreeBSD.ORG (All)
Subject:   Re: ipfw log accounting
Message-ID:  <200002290814.AAA81399@gndrsh.dnsmgr.net>
In-Reply-To: <200002290343.TAA07654@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Feb 28, 2000 07:42:42 pm"

> In message <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com>, 
> "Crist J. Clark" writes:
> > On Tue, Feb 29, 2000 at 01:46:53AM +0300, Lev Serebryakov wrote:
> > [snip]
> > >   And one more question:
> > >   How could I write rule, which skip all broadcast traffic? My
> > >   computer is on big provider's net, and here is more than one
> > >   broadcast address (many subnets on one wire)...
> > 
> > Never tried this and haven't glanced at the source to see if it has a
> > chance of working, but _theoretically_ is there a reason that,
> > 
> >              deny ip from 0.0.0.255:0.0.0.255 to any
> > 
> > A "reversed" netmask won't work?
> 
> Been there done that.  This works using either IPFW or IP Filter, 
> however you'll want to code it as the following, as the destination is 
> the broadcast address:

Actually you need to be a bit selective; your host is going to have
a real hard time doing ARPs if you block all broadcast packets.  Make
sure you have a directly connected network specific ``allow'' of broadcast
destinations.

Also you really do want to block source broadcast address packets too;
they are often abused by attacks.  Ping with src address = bcast and
watch all the ICMP fly when the echo reply goes back to the bcast
address (needs a broken host that will do this on the network) :-(.

> 
> 	deny ip from any to 0.0.0.255:0.0.0.255
> 
> Or if you use IP Filter,
> 
> 	block in on xl0 from any to 0.0.0.255:0.0.0.255

And do add:

deny ip from 0.0.0.255:0.0.0.255 to any


-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
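As an added illustration (not part of the thread and not FreeBSD's own code), the following small model shows how ipfw's `addr:mask` form matches, and why the directly connected ``allow'' has to sit in front of the generic broadcast ``deny''. It assumes the host lives on 192.0.2.0/24 (a documentation prefix standing in for the real provider segment); the other prefixes are made-up neighbours on the same wire.

```python
import ipaddress

# Constructed example: our box is assumed to sit on 192.0.2.0/24; the other
# prefixes used below are invented neighbours sharing the same wire.
LOCAL_NET = ipaddress.IPv4Network("192.0.2.0/24")
LOCAL_BCAST = str(LOCAL_NET.broadcast_address)   # "192.0.2.255"

def addr_matches(addr, spec):
    """Match one address against an ipfw address spec.

    'any' matches everything; 'a.b.c.d' matches exactly; 'a.b.c.d:mask' is the
    ipfw address:mask form, true when (addr & mask) == (pattern & mask).  A mask
    of 0.0.0.255 therefore tests only the last octet, which is what makes
    0.0.0.255:0.0.0.255 catch every /24-style broadcast on the wire.
    """
    if spec == "any":
        return True
    if ":" in spec:
        pattern, mask = spec.split(":", 1)
        m = int(ipaddress.IPv4Address(mask))
    else:
        pattern, m = spec, 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    return (a & m) == (p & m)

# Ruleset in the order the reply argues for: drop source-broadcast packets,
# let our own segment's directed broadcast through, drop every other
# destination that looks like a broadcast, then pass the rest.
RULESET = [
    ("deny",  "0.0.0.255:0.0.0.255", "any"),
    ("allow", "any",                 LOCAL_BCAST),
    ("deny",  "any",                 "0.0.0.255:0.0.0.255"),
    ("allow", "any",                 "any"),
]

# Same rules with the directly connected allow placed after the generic deny,
# which is the ordering mistake the reply warns about.
WRONG_ORDER = [RULESET[0], RULESET[2], RULESET[1], RULESET[3]]

def first_match(src, dst, ruleset=RULESET):
    """Return (action, rule_number) of the first rule matching src/dst.

    ipfw walks rules in ascending number order and stops at the first match;
    65535 is the implicit default rule, assumed here to be deny.
    """
    for index, (action, from_spec, to_spec) in enumerate(ruleset):
        if addr_matches(src, from_spec) and addr_matches(dst, to_spec):
            return action, 100 * (index + 1)
    return "deny", 65535

def ipfw_commands(ruleset=RULESET):
    """Render the ruleset as the ipfw(8) add commands one would script."""
    return [
        "ipfw add %d %s ip from %s to %s" % (100 * (i + 1), action, f, t)
        for i, (action, f, t) in enumerate(ruleset)
    ]

if __name__ == "__main__":
    for line in ipfw_commands():
        print(line)
    # Constructed sample packets exercising each branch of the ruleset.
    samples = [
        ("192.0.2.10",     "192.0.2.255",    "our own segment's broadcast"),
        ("198.51.100.7",   "198.51.100.255", "another subnet's broadcast on the same wire"),
        ("198.51.100.255", "192.0.2.10",     "source-broadcast (smurf-style) packet"),
        ("192.0.2.10",     "203.0.113.5",    "ordinary unicast"),
    ]
    for src, dst, what in samples:
        action, number = first_match(src, dst)
        print("%-15s -> %-15s %-5s (rule %5d)  %s" % (src, dst, action, number, what))
    print("local broadcast with the allow placed after the deny:",
          first_match("192.0.2.10", "192.0.2.255", WRONG_ORDER))
```

Two things worth keeping in mind when lifting this onto a real box: the inverted mask is a heuristic, so a legitimate host such as 10.0.0.255 inside a /16 is denied by it as well, and on a segment whose own mask is shorter than /24 the directly connected allow must name that segment's real broadcast address rather than a .255 one.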



