Hello,
Is there a way I can use ipfw to disallow ICMP from anyone, but root?
(FreeBSD 4.7R) I tried this:
${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via
${outside}
${fwcmd} -q add 4 allow icmp from any to any uid root
${fwcmd} -q add 4 deny log icmp from any to any
But tha
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but root?
> (FreeBSD 4.7R) I tried this:
>
> ${fwcmd} -q add 4 allow icmp from any to any icmptype 0,3,8,11 in via
> ${outside}
> ${fwcmd} -q add 4 allow icmp from any to any uid root
> ${fwcmd} -q add 4 deny log icmp from any to any
Mark wrote:
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an excessive ping attack on one of his buddies. And, naturally, I want
> to prevent that. The chmod u-s idea mentioned here,
On Wed, Aug 13, 2003 at 10:01:03PM +1000, Andy Farkas typed:
> Mark wrote:
>
> > I am just not very fond of the idea of local users starting ICMP wars over
> > the net, using my server :) I have already had an instance where a web-user
> > did an excessive ping attack on one of his buddies. And, n
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 1:01 PM
Subject: Re: Restricting ICMP
> Mark wrote:
>
> > I am just not very fond
On Wed, Aug 13, 2003 at 09:56:04AM +, Mark typed:
> - Original Message -
> From: "Andy Farkas" <[EMAIL PROTECTED]>
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an exce
PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 2:42 PM
Subject: Re: Restricting ICMP
> - Original Message -
> From: "Andy Farkas" <[EMAIL PROTECTED]>
> To: "Markie" <[EMAIL PROTECTED]>
> Cc: "Mark" <[EMA
- Original Message -
From: "Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 12, 2003 2:23 AM
Subject: Restricting ICMP
> Hello,
>
> Is there a way I can use ipfw to disallow ICMP from anyone, but
> root? (FreeBSD 4.7R) I tried
On Tue, Aug 12, 2003 at 12:28:40AM +, Mark wrote:
[..]
> Sorry for the addendum; but I was not entirely clear. I want to restrict
> *outgoing* ICMP (traceroute and such) to anyone, but root.
# chmod u-s /usr/sbin/traceroute /sbin/ping
--
Jonathan Chen <[EMAIL PROTECTED]>
---
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 2003 4:41 AM
Subject: Re: Restricting ICMP
> >
> > Is there a way I can use ipfw to disallo
> Is it? I thought it was setuid root for a reason :o)
...
> I just woke up, so it may well be I am just being stupid :o)
Well, I didn't know ping needed suid. I stand corrected and apologise for
any misleadings.
/me is the stupid one... time to go to bed :)
--
:{ [EMAIL PROTECTED]
An
- Original Message -
From: "Andy Farkas" <[EMAIL PROTECTED]>
To: "Markie" <[EMAIL PROTECTED]>
Cc: "Mark" <[EMAIL PROTECTED]>; "Ruben de Groot" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, August 13, 20
12 matches
Mail list logo