Re: DoS attack - advice needed

From: Antonio Carlos Pina (apina@infolink.com.br)
Date: 03/22/01 

From: "Antonio Carlos Pina" <apina@infolink.com.br>
To: <freebsd-security@freebsd.org>
Date: Thu, 22 Mar 2001 17:49:48 -0300

Source quench is supposed to be needed but is bad (big security risks). You
should avoid it.

Regards,
Cordialmente,
Antonio Carlos Pina
Diretor de Tecnologia
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "Ronan Lucio" <ronan@melim.com.br>
To: <security@freebsd.org>
Sent: Thursday, March 22, 2001 5:45 PM
Subject: Re: DoS attack - advice needed

> Sorry,
>
> I´d like say to allow the follow icmptypes:
>
> 3 (destination unreachable)
> 4 (source quench)
> 11 (ttl exceeded)
> 12 (ip header bad)
>
> I think it´s enough to cause no problem to the system and
> block ping packets
>
> Ronan Lucio
>
> > If I add a rules:
> >
> > ipfw add pass icmp from any to my.ip.adress icmptypes 3
> > ipfw add deny icmp from any to mu.ip.adress
> >
> > Will it resolve the problem of fragmented packets?
> >
> > Ronan Lucio
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Quantcast