Best way to filter "Nachi pings"?

Francis A. Vidal francisv-sender-21ebc3 at irc.dagupan.com
Mon Oct 27 00:06:57 PST 2003


Wouldn't it break stuff like traceroute?

-----Original Message-----
From: Kris Kennaway [mailto:kris at obsecurity.org] 
Sent: Monday, October 27, 2003 4:03 PM
To: Brett Glass
Cc: security at freebsd.org
Subject: Re: Best way to filter "Nachi pings"?

On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?

Block all ping packets?  Most security-conscious admins do this
anyway.

Kris


More information about the freebsd-security mailing list