|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Best way to filter "Nachi pings"?
From: Kris Kennaway (kris
obsecurity.org)
Date: Mon Oct 27 2003 - 02:02:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Oct 27, 2003 at 12:31:46AM -0700, Brett Glass wrote:
> We're being ping-flooded by the Nachi worm, which probes subnets for
> systems to attack by sending 92-byte ping packets. Unfortunately,
> IPFW doesn't seem to have the ability to filter packets by length.
> Assuming that I stick with IPFW, what's the best way to stem the
> tide?
Block all ping packets? Most security-conscious admins do this
anyway.
Kris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/nNEgWry0BWjoQKURAtthAJ4gTe6CHlnlpBh6U9wB/xP3mdlQPgCggN/L
5fHSG5lqIIcbEOhS+det7XE=
=7djy
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]