[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: smurf attack


On Thu, May 23, 2002 at 01:59:35AM -0700, sim ton wrote:
> hi,
> i need some advise
> does this line help me to protect well against smurf attack :
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # No Smurf amplifying

This stops your hosts from being misused to execute smurf attacks
against others. It should always be set if your router does not drop
> is there a better solution ?

Disabling icmp echo replys to your hosts on the backbone. there is no
other way, AFAIK.

Denying icmp on your local firewalls does not keep others from
saturating your connection.

Frederik Schüler

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: