[Dshield] Ping??? DOS???? From DELL.COM

Russell Washington russ.washington at vaultsentry.com
Fri Jun 21 15:48:40 GMT 2002


Ack, good point.

And the funny thing is that I started to type "maybe just ICMP type 8" but I
decided to try to keep it simple instead.  D'oh! :)

-----Original Message-----
From: E.B. Dreger [mailto:eddy+public+spam at noc.everquick.net] 
Sent: Thursday, June 20, 2002 8:14 PM
To: 'list at dshield.org'
Subject: RE: [Dshield] Ping??? DOS???? From DELL.COM


RW> Date: Thu, 20 Jun 2002 14:55:14 -0700
RW> From: Russell Washington


RW> It's entirely possible that someone is spoofing the dell.com IPs... 
RW> you may want to consider dropping ICMP entirely until this passes.  
RW> You may find out after doing so that there are other kinds of 
RW> traffic involved in the attack...

Don't drop all ICMP.  Allow unreachables to pass... else you break path MTU
discovery.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting,
e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send
mail to <blacklist at brics.com>, or you are likely to be blocked.

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list