At 12:05 06/02/01 +0000, milunovic wrote:
>Is there anyway to deny echo request on FreeBSD (except ipfw add deny
>icmp from any to any) ?
>On Linux It was simple,just echo 1>/proc/.../icmp_echo_request
'ifconfig ifacename down'
does the same, and even more. just kidding:)
I don't see a valid reason to block echo req in an absolute manner.
Doing it on a per-rule basis (such as for some source hosts) seems
to me to be the right way. and this is currently only handled by
IP filtering engines, which again seems to be the right way.
Or may be do you have a motivation that I missed?
If you're having script kiddies trying to ping hosts in order to
attack'em, you'll certainly want to block more than just echo requests,
so ipfw or ipf are worth the pain. Otherwise, they can replace ping with
traceroute,
telnet, netcat, ....
or do you mean you want to prohibit using ping on the host itself so that your
users do not ping other hosts? then change the permissions of /sbin/ping
(and any
other equivalent prog. it must be setuid to use raw sockets, so they can't
just compile
one and use it).
regards,
mouss
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
