Best way to filter "Nachi pings"?
Francis A. Vidal
francisv-sender-21ebc3 at irc.dagupan.com
Mon Oct 27 00:06:57 PST 2003
Wouldn't it break stuff like traceroute?
-----Original Message-----
From: Kris Kennaway [mailto:kris at obsecurity.org]
Sent: Monday, October 27, 2003 4:03 PM
To: Brett Glass
Cc: security at freebsd.org
Subject: Re: Best way to filter "Nachi pings"?
On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?
Block all ping packets? Most security-conscious admins do this
anyway.
Kris
More information about the freebsd-security
mailing list