Best way to filter "Nachi pings"?
Kris Kennaway
kris at obsecurity.org
Mon Oct 27 00:02:41 PST 2003
On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?
Block all ping packets? Most security-conscious admins do this
anyway.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031027/605235b5/attachment.bin
More information about the freebsd-security
mailing list