Re: A simple way to filtering ICMP packets bigger than 64 bytes

Wed, 20 Jan 1999 08:05:52 -0500 

Chris Tobkin wrote:
> 
> Not necessarily.  I'd interpret the question is more along the lines of:
> "I have a machine that is vulnerable to the ping-of-death attack inside my
> network protected by a firewall.  What can I use to filter icmp packets that
> are larger than 64 bytes (and therefore deemed invalid)"  because some OSes are
> not vulnerable to the ping-of-death DoS and therefore they can protect ones
> that are.. (depending on the firewall/filter app being used it may be able to
> run on and protect machines that ARE vulnerable)
> 
> > On Mon, 18 Jan 1999, tito wrote:
> >
> > > Hi,
> > > I'm looking for a way to block ICMP Packets bigger than 64 bytes.
> > > I'm using NetBSD and its IPF.
> > > If You have any suggestion I will appreciate a lot :) thanks.
> > >
> > >
> > >                                                     Tito Magaldi Balbi
> 
> I'm currently seeing nothing in FW-1.. (but i deny all outside icmp anyways..)
> anyone else?
> 
> // chris
> [EMAIL PROTECTED]
> 
> *************************************************************************
> Chris Tobkin                                               [EMAIL PROTECTED]
> Java and Web Services - Academic and Distributed Computing Services - UMN
>  -----------------------------------------------------------------------
>   "Thanks to the printing press, the deviant smart people were able to
>     distribute their genius without having to pass it on genetically.
>          Evolution was short-circuited.  We gained knowledge and
>          technology without gaining intelligence." - Scott Adams
> *************************************************************************

I think there are things to do with the Inspect code in FW1:

-Define a service of type Other. Put the following in the match field: 
icmp, ip_len > 100 

This will match any ICMP packets greater than 100 bytes in length
including headers). Create a rule with this new service to drop the packet. 

-Franck 

    _/_/_/_/  
   _/_/_/_/   CNET -- France Telecom 
  _/_/_/_/    

 Franck Veysset, IP Security
 E-Mail : [EMAIL PROTECTED]
 Phone +33 (0)1 45 29 55 08 , Fax  +33 (0)1 45 29 65 19
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to