Re: Best way to filter "Nachi pings"?

From: Jarkko Santala (jake_at_iki.fi)
Date: 10/27/03

    Date: Mon, 27 Oct 2003 11:06:52 +0200 (EET)
    To: Kris Kennaway <kris@obsecurity.org>
    
    

    On Mon, 27 Oct 2003, Kris Kennaway wrote:

    > On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
    > > We're being ping-flooded by the Nachi worm, which probes subnets for
    > > systems to attack by sending 92-byte ping packets. Unfortunately,
    > > IPFW doesn't seem to have the ability to filter packets by length.
    > > Assuming that I stick with IPFW, what's the best way to stem the
    > > tide?
    >
    > Block all ping packets? Most security-conscious admins do this

    D'oh? I like ping very much and it would make me very sad indeed if I
    couldn't ping my boxes to solve possible network problems along the way. I
    fail to see the security problem, and possible DoS issues could be solved
    by using limiting of some sort.

    Definitely this block-all approach is not sane; it's like if someone
    complains about NFS being broken you'd say disable it. Filtering packets
    by length, on the other hand, is a very nice feature to have.

            -jake

    -- 
    Jarkko Santala <jake(ät)iki.fi>  System Administrator  http://iki.fi/jake/
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    
