nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: Systems Engineer <snash () lightning net>
Date: Wed, 30 Jul 1997 17:38:29 -0400
Well, ever since this bug was introduced to the outside world, I have since modified my present Firewall (ipfwadm v2.3.0) to accommodate.

    type  prot  source     destination  ports
    deny  icmp  0.0.0.0    0.0.0.255    any
    deny  icmp  0.0.0.255  0.0.0.0      any

Depending on the nature of the attack, that will handle it. I have tested it and it has worked on my local machine. But the best thing to do is if you find no need for a broadcast ICMP message, simply filter it at the router.

root () gannett com wrote:
The real problem I see with this particular attack is that there is nothing short of blocking all ICMPs that 'victim.com' can do. At least not that I am aware of.

Well, I've been filtering ICMP for quite a while at my border routers, and other than the occasional braindead sendmail configuration, and the fact that Solaris ping can't handle the "Administratively prohibited" return from the IOS filter rule, I've yet to see a major downside. We have a very large quantity of people hitting our network every day.

Is there a specific reason that you can see to allow ICMP inbound to a 'victim.com'? Or at least to more than a handful of specific addresses? Perhaps there's a better solution with some sort of ICMP "proxy" at or just behind the router?

Paul
--------------------------------------------------------------------
Paul D. Robertson gatekeeper () gannett com
--
--- --- --- --- --- --- --- --- ---
Steven Nash                           ph: (516)248-8400ext25
Systems Engineer / Network Security   fax: (516)248-8897
Lightning Internet Services LLC       email: snash () lightning net
http://www.lightning.net
--- --- --- --- --- --- --- --- ---
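An added example, not part of the original message or of ipfwadm: a prefix-aware check for ICMP echo requests aimed at a subnet broadcast address, compared with a match keyed only on a last octet of 255 (assuming that is how the rules above are read). The prefixes, sample packets and function names are constructed for illustration.

```python
import ipaddress

# Assumed local prefixes (documentation/private ranges, constructed for this example).
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("192.0.2.0/26", "198.51.100.0/24", "10.1.0.0/16")]

def ends_in_255(dst):
    """Suffix-style match: true for any address whose last octet is 255."""
    return int(ipaddress.ip_address(dst)) & 0xFF == 0xFF

def is_directed_broadcast(dst, prefixes=LOCAL_PREFIXES):
    """True if dst is the all-ones (broadcast) or all-zeros (old-style broadcast)
    host address of a configured prefix. /31 and /32 have no broadcast address."""
    addr = ipaddress.ip_address(dst)
    for net in prefixes:
        if net.prefixlen >= 31 or addr not in net:
            continue
        if addr in (net.broadcast_address, net.network_address):
            return True
    return False

def filter_decision(proto, icmp_type, dst):
    """Deny only ICMP echo requests (type 8) addressed to a subnet broadcast."""
    if proto == "icmp" and icmp_type == 8 and is_directed_broadcast(dst):
        return "deny"
    return "accept"

# Constructed sample packets: (proto, icmp_type, destination)
SAMPLES = [
    ("icmp", 8, "198.51.100.255"),  # /24 broadcast: both checks catch it
    ("icmp", 8, "192.0.2.63"),      # /26 broadcast: suffix match misses it
    ("icmp", 8, "10.1.0.255"),      # ordinary host in a /16: suffix match overblocks
    ("icmp", 8, "198.51.100.10"),   # normal ping to a single host
    ("tcp", None, "198.51.100.255"),  # not ICMP, left to other rules
]

def compare(samples=SAMPLES):
    """Return (dst, prefix-aware decision, suffix-only decision) per sample."""
    rows = []
    for proto, icmp_type, dst in samples:
        suffix = "deny" if proto == "icmp" and ends_in_255(dst) else "accept"
        rows.append((dst, filter_decision(proto, icmp_type, dst), suffix))
    return rows

if __name__ == "__main__":
    for dst, aware, suffix in compare():
        print(f"{dst:16} prefix-aware={aware:6} suffix-only={suffix}")
```

The two checks agree only on /24 boundaries; on any other prefix length the broadcast address has to be derived from the configured mask.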