This is the most accurate post I have seen yet. Byron is correct. Welcome to DoS. What you have to remember is that if you block the ICMP traffic at you firewall, this will only cause you firewall to not respond to it. You will still get all of the "PING" traffic coming to your firewall, using up you bandwidth and causing degradation or loss of service. You need to have it blocked further up the chain. Contact you ISP or Telco and see if they can work with you to block the traffic either ICMP to you IP or to block ICMP from a specific host. This can be a lot of work to stop a "simple PING" but that "simple PING" can be dangerous. For more information on this checkout www.grc.com, Gibson wrote a very detailed article on what he did when he was getting a DOS attack.
-------------------------------- Rob Weatherly -------------------------------- -----Original Message----- From: Byron Kennedy [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 12:58 PM To: NT 2000 Discussions Subject: RE: Ping Replies Technically, icmp doesn't use ports, but can be filtered via "types" and "codes"). But your strategy is a good idea. I'd do following if I had the choice: 1. block inbound echo requests (and other abused icmp traffic for that matter... i.e "redirects") for the hosts/segment at the border router. Or.... 2. ... At the statefull firewall. Or..... 3. at the host using a personal firewall, or windows filtering -----Original Message----- From: Jose Manzano [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 9:04 AM To: NT 2000 Discussions Subject: RE: Ping Replies Can't you just block the port IMCP request go through ... this way they can ping but will not get replies. -----Original Message----- From: Ed Esgro [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 11:30 AM To: NT 2000 Discussions Subject: RE: Ping Replies Filter ICMP packets. -----Original Message----- From: Duane Boudreau [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 9:37 AM To: NT 2000 Discussions Subject: Ping Replies Hi All, Is there anyway to prevent Win2K server from replying to a ping, specifically for an IP address? Thanks, Duane ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% *****This email and any files transmitted with it are confidential and intended solely for the use of the addressee. If you have received this email in error please notify [EMAIL PROTECTED] Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Stainsafe Inc. or any of its subsidiaries or affiliates. The company accepts no liability for any damage caused by any virus transmitted by this email.***** ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% *****This email and any files transmitted with it are confidential and intended solely for the use of the addressee. If you have received this email in error please notify [EMAIL PROTECTED] Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Stainsafe Inc. or any of its subsidiaries or affiliates. The company accepts no liability for any damage caused by any virus transmitted by this email.***** ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
