> You're still fucked by the time they get to you unless you can block them
> upstream :).
Not necessarily. I'd interpret the question is more along the lines of:
"I have a machine that is vulnerable to the ping-of-death attack inside my
network protected by a firewall. What can I use to filter icmp packets that
are larger than 64 bytes (and therefore deemed invalid)" because some OSes are
not vulnerable to the ping-of-death DoS and therefore they can protect ones
that are.. (depending on the firewall/filter app being used it may be able to
run on and protect machines that ARE vulnerable)
> On Mon, 18 Jan 1999, tito wrote:
>
> > Hi,
> > I'm looking for a way to block ICMP Packets bigger than 64 bytes.
> > I'm using NetBSD and its IPF.
> > If You have any suggestion I will appreciate a lot :) thanks.
> >
> >
> > Tito Magaldi Balbi
I'm currently seeing nothing in FW-1.. (but i deny all outside icmp anyways..)
anyone else?
// chris
[EMAIL PROTECTED]
*************************************************************************
Chris Tobkin [EMAIL PROTECTED]
Java and Web Services - Academic and Distributed Computing Services - UMN
-----------------------------------------------------------------------
"Thanks to the printing press, the deviant smart people were able to
distribute their genius without having to pass it on genetically.
Evolution was short-circuited. We gained knowledge and
technology without gaining intelligence." - Scott Adams
*************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
