Security Incidents mailing list archives

Re: ICMP attack in progress?


From: rcasey () CRP ORG (Ryan Casey)
Date: Fri, 26 May 2000 09:45:29 -0400


At 12:37 PM 05/25/2000 -0500, you wrote:
> Hi there, I'm getting these packages, I guess it's an ICMP DoS attack:
>
> 13:34:59.370266 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 219, id 1045)
> 13:34:59.370594 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
> 13:34:59.370919 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 217, id 1045)
> 13:34:59.371215 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
>
> Chain input (policy ACCEPT):

Have you thought about setting a policy to deny any icmp echo requests to
your broadcast address?

You might also want to change your default policy to DENY instead of ACCEPT.

Ryan Casey
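
One way to measure, from a capture in the tcpdump format quoted above, which sources are sending echo requests to the broadcast address before writing the deny rule. This is an added example, not part of the original message; the 192.0.2.0/24 network, the host names and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Old Linux tcpdump format, as in the capture quoted above:
#   time iface flag src > dst: icmp: echo request (ttl N, id N)
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) (?P<flag>\S+) "
    r"(?P<src>\S+) > (?P<dst>[^:\s]+): icmp: echo request\b"
)

# Constructed sample lines (not taken from the original post).
SAMPLE = [
    "13:34:59.370266 eth0 B host-a.example.net > 192.0.2.255: icmp: echo request (ttl 219, id 1045)",
    "13:34:59.370594 eth0 B host-a.example.net > 192.0.2.255: icmp: echo request (ttl 213, id 1045)",
    "13:34:59.370919 eth0 < host-b.example.net > 192.0.2.10: icmp: echo request (ttl 60, id 77)",
    "13:34:59.371215 eth0 B host-a.example.net > 192.0.2.0: icmp: echo request (ttl 217, id 1045)",
    "13:34:59.371500 eth0 < host-c.example.net > 192.0.2.10: icmp: echo reply (ttl 60, id 78)",
]


def broadcast_echo_sources(lines, local_net):
    """Count echo requests sent to local_net's broadcast or network address, per source."""
    net = ipaddress.ip_network(local_net)
    # The all-zeros host address is treated as broadcast by some older stacks.
    targets = {net.broadcast_address, net.network_address}
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an echo request, or not this line format
        try:
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # destination printed as a name; rerun tcpdump with -n
        if dst in targets:
            hits[m.group("src")] += 1
    return hits


if __name__ == "__main__":
    for src, n in broadcast_echo_sources(SAMPLE, "192.0.2.0/24").items():
        print(f"{src}: {n} echo requests to the broadcast address")
```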

