[fw-wiz] help with attack

From: Mark Ryan (markryan@charter.net)
Date: 10/11/02


From: "Mark Ryan" <markryan@charter.net>
To: <firewall-wizards@honor.icsalabs.com>
Date: Fri Oct 11 17:12:01 2002

Is there a way to prevent the following attack from happening again?
They icmp type-8 flooded me for hours. My iptables firewall script
logged and logged but my connection went down for hours. Here is an
example from the log.

Oct 10 23:15:58 dhcp-16-8 kernel: Netfilter: IN=eth0 OUT=
MAC=00:e0:29:6f:8c:b8:00:d0:ba:1e:6d:70:08:00 SRC=68.144.164.40
DST=24.240.225.207 LEN=545 TOS=0x00 PREC=0x00 TTL=115 ID=1273 PROTO=ICMP
TYPE=8 CODE=0 ID=65039 SEQ=3088

I am using redhat 7.2 on a P166 with 2 nic cards as a router. I am
running a iptables rules script that I found on the internet.
Thanks,
Mark