On 02/07/00 16:48 -0400, SUNIL KUMAR spewed into the LI bitstream:
>Can you please tell me how to disable ping flooding to my servers? How to know
>ping flooding is going on?
check /var/log/messages - the signs are very clear :)
To prevent ping storms, just ignore ICMP request packets ...
see this ...
Forum: The Linux Kernel Hackers' Guide
Re: Can you block or ignore ICMP packets?
Keywords: ICMP ping Internet echo flood
Date: Thu, 15 May 1997 14:30:48 GMT
From: Jukka Santala <[EMAIL PROTECTED]>
While adding that #define CONFIG_IP_IGNORE_ECHO_REQUESTS into
linux/net/ipv4/icmp.c will work fine for now, I'd suggest putting it into
the configuration-headers so it doesn't tangle up with further patches,
or, should that define later move into different file(s), lose its
efficiency. This is also the easiest way to make sure all future versions
of the kernel you compile get that setting defined.
Unfortunately, I'm not quite sure where you can stick it without messing
up the kernel autoconfig ;) If anybody has any input on this, it would be
most welcome.
Meanwhile, if you're worried that ignoring _all_ echo-requests may be a
bit too rough move, there's a way to make the kernel ignore them
selectively. This is available at least in the 2.1.X series, unfortunately
I don't know if it's elsewhere.
While browsing the net earlier I came upon a site with cross-referenced
kernel sources for all major Linux distributions, so I thought I'd check
it out from there, but naturally I didn't save the URL anywhere, typical,
so if somebody knows that site I'd appreciate to know too ;)
But back on track... so how do you make that selective ignore? Simple,
first make sure CONFIG_NO_ICMP_LIMIT _isn't_ defined - don't worry how, it
won't be ;) Next, in linux/net/ipv4/icmp.c go to the end of the file where
there is a table of ICMP definitions - the first entry is after /* ECHO
REPLY (0) */ This is, incidentally, what you need to change. Change the
NULL on that line to &xrl_generic. So what does that do? I suggest you
look at the source and try to figure that out yourself - it's not that
hard, and allows you better diddle with it. (However, the limit-code seems
pretty inefficient to me, and is no use against spoofed ICMP-floods, so I
suggest relying on it with caution.)
--
Suresh Ramasubramanian + [EMAIL PROTECTED]
It has been said that man is a rational animal. All my life I have
been searching for evidence which could support this.
-- Bertrand Russell
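
Added example, not part of the original messages and not the kernel's xrl_generic code: a simplified per-source echo-request limiter in C, illustrating the caveat in the quoted forum post that such a limit throttles one sender but does nothing when every packet carries a different (spoofed) source address. The table size, burst, window and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS  256   /* hash table size (assumed) */
#define BURST  5     /* echo replies allowed per source per window (assumed) */
#define WINDOW 1     /* window length in seconds (assumed) */

struct slot { uint32_t src, start, count; };
static struct slot table[SLOTS];

static void limiter_reset(void) { memset(table, 0, sizeof table); }

/* Return 1 if an echo request from src at time now (seconds) may be answered. */
static int echo_allowed(uint32_t src, uint32_t now)
{
    struct slot *s = &table[(src ^ (src >> 8) ^ (src >> 16) ^ (src >> 24)) % SLOTS];

    /* A new source (or a colliding one) or an expired window restarts the count. */
    if (s->src != src || now - s->start >= WINDOW) {
        s->src = src;
        s->start = now;
        s->count = 0;
    }
    if (s->count >= BURST)
        return 0;            /* over the limit: ignore this request */
    s->count++;
    return 1;
}

/* Feed n requests within one second; if spoofed, every packet has its own source. */
static unsigned answered(unsigned n, int spoofed)
{
    unsigned i, ok = 0;

    limiter_reset();
    for (i = 0; i < n; i++)
        ok += echo_allowed(spoofed ? 0x0a000001u + i : 0x0a000001u, 100);
    return ok;
}

int main(void)
{
    printf("one source:       %u of 1000 answered\n", answered(1000, 0));
    printf("distinct sources: %u of 1000 answered\n", answered(1000, 1));
    return 0;
}
```

Because the limiter's state is keyed on the claimed source address, the second case never reaches the limit; dropping echo requests altogether, as the reply above suggests, does not depend on the source address.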