Best way to filter "Nachi pings"?
Andy Farkas
andyf at speednet.com.au
Wed Oct 29 19:01:50 PST 2003
On Mon, 27 Oct 2003, Jarkko Santala wrote:
> On Mon, 27 Oct 2003, Kris Kennaway wrote:
> > On Mon, Oct 27, 2003 at 11:06:52AM +0200, Jarkko Santala wrote:
> > >
> > > Definitely this block-all approach is not sane, it's like if someone
> > > complains about NFS being broken you'd say disable it. Filtering packets
> > > by length on the other hand is a very nice feature to have.
> >
> > As it happens, ipfw[2] does this anyway.
>
> IMHO this is the correct answer that might have been given right away.
So, using IPFW2, a rule to block the Nachi ping would look like:

    add deny icmp from any to any in icmptypes 8 iplen 92

correct?
--
:{ andyf at speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
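
The match that the rule quoted in this message performs (ICMP type 8, IP total length 92), written out as an added example that is not part of the original thread and is not ipfw's own code. The function names, the addresses and the sample packets are constructed for illustration, and the rule's `in` direction keyword is not modelled.

```python
import struct

NACHI_IPLEN = 92  # value from the rule: 20-byte IP header + 8-byte ICMP header + 64-byte payload


def build_echo(payload_len, icmp_type=8, ip_options=b""):
    """Construct a sample IPv4/ICMP packet (checksums left at zero; test data only)."""
    assert len(ip_options) % 4 == 0, "IP options must be padded to 32-bit words"
    ihl = 5 + len(ip_options) // 4
    # ICMP header: type, code, checksum, identifier, sequence; then filler payload
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"\xaa" * payload_len
    total = ihl * 4 + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + icmp


def rule_matches(packet, iplen=NACHI_IPLEN, icmptype=8):
    """True if the packet meets the 'icmp ... icmptypes 8 iplen 92' conditions."""
    if len(packet) < 20:
        return False
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 1:
        return False
    if packet[9] != 1:            # IP protocol field: 1 = ICMP
        return False
    if packet[ihl] != icmptype:   # ICMP type is the first byte after the IP header
        return False
    return total_len == iplen     # iplen compares the IP total-length field


def classify_samples():
    """Run the match over constructed packets and return label -> matched."""
    samples = {
        "echo request, 64-byte payload": build_echo(64),
        "echo request, 56-byte payload": build_echo(56),
        "echo request, 32-byte payload": build_echo(32),
        "echo reply, 64-byte payload": build_echo(64, icmp_type=0),
        "echo request, 60-byte payload + 4 bytes of IP options":
            build_echo(60, ip_options=b"\x01" * 4),
    }
    return {label: rule_matches(pkt) for label, pkt in samples.items()}


if __name__ == "__main__":
    for label, hit in classify_samples().items():
        print(f"{'DENY' if hit else 'pass'}  {label}")
```

The match keys on ICMP type and total length alone, so any echo request whose total length is 92 bytes is denied, whatever its payload or source.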