Re: Best way to filter "Nachi pings"?
From: Kris Kennaway (kris_at_obsecurity.org)
Date: 10/27/03
- Previous message: Brett Glass: "Best way to filter "Nachi pings"?"
- In reply to: Brett Glass: "Best way to filter "Nachi pings"?"
- Next in thread: Francis A. Vidal: "RE: Best way to filter "Nachi pings"?"
- Reply: Francis A. Vidal: "RE: Best way to filter "Nachi pings"?"
- Reply: Jarkko Santala: "Re: Best way to filter "Nachi pings"?"
Date: Mon, 27 Oct 2003 00:02:40 -0800
To: Brett Glass <brett@lariat.org>
On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?
Block all ping packets? Most security-conscious admins do this
anyway.
Kris