Security Incidents mailing list archives
Re: ICMP attack in progress?
From: rcasey () CRP ORG (Ryan Casey)
Date: Fri, 26 May 2000 09:45:29 -0400
At 12:37 PM 05/25/2000 -0500, you wrote:
Hi there, I'm getting these packages, I guess it's an ICMP DoS attack:
13:34:59.370266 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 219, id 1045)
13:34:59.370594 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
13:34:59.370919 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 217, id 1045)
13:34:59.371215 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
Chain input (policy ACCEPT):
Have you thought about setting a policy to deny any icmp echo requests to your broadcast address? You might also want to change your default policy to DENY instead of ACCEPT.
Ryan Casey
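A defender-side check for the traffic discussed in this thread, as an added example that is not part of either poster's message: it parses tcpdump lines in the format quoted above and reports sources sending echo requests to a broadcast address. The threshold, the `.255` suffix test and the reading of the `B` column as a broadcast marker are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample capture: the first four lines are the tcpdump output quoted in the post;
# the last line is constructed here to show a unicast ping being ignored.
SAMPLE = """\
13:34:59.370266 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 219, id 1045)
13:34:59.370594 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
13:34:59.370919 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 217, id 1045)
13:34:59.371215 eth0 B a-mc4-42.tin.it > foo.foo.bar.255: icmp: echo request (ttl 213, id 1045)
13:35:02.000000 eth0 < host.example.net > foo.foo.bar.10: icmp: echo request (ttl 55, id 2001)
"""

LINE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+) (?P<iface>\S+) (?P<dir>\S+) "
    r"(?P<src>\S+) > (?P<dst>\S+): icmp: echo request "
    r"\(ttl (?P<ttl>\d+), id (?P<id>\d+)\)")

def is_broadcast(direction, dst):
    # Assumption: 'B' after the interface name is this tcpdump build's link-level
    # broadcast marker, and a destination ending in .255 is a /24 directed broadcast.
    return direction == "B" or dst.endswith(".255")

def summarize(capture, threshold=3):
    """Group broadcast-directed echo requests by source; flag sources at or above threshold."""
    by_src = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or not is_broadcast(m["dir"], m["dst"]):
            continue  # not an echo request, or not aimed at a broadcast address
        ts = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        by_src[m["src"]].append((ts, int(m["ttl"]), int(m["id"])))
    report = {}
    for src, pkts in by_src.items():
        times = [p[0] for p in pkts]
        report[src] = {
            "count": len(pkts),
            "span_s": round(max(times) - min(times), 6),  # seconds between first and last
            "ttls": sorted({p[1] for p in pkts}),
            "ip_ids": sorted({p[2] for p in pkts}),
            "flagged": len(pkts) >= threshold,
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```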