> My host has been abused for flooding with the "smurf-exploit", posted to
> bugtraq, so I patched my kernel to do not reply to ICMP_ECHO addressed to
> an IP address which doesnt belong to the host (broadcasted pkt).
Why hack and slash at your kernel when you can accomplish the same goal
with ipfwadm?
ipfwadm -I -a deny -P icmp -D 123.123.123.0 -S 0/0 0 8
ipfwadm -I -a deny -P icmp -D 123.123.123.255 -S 0/0 0 8
replace 123.123.123.0 and 123.123.123.255 with the actual network and
broadcast addresses for your lan.
> I recommand to install icmplog included in the iplogger packet, available
> at
> ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm
> to find out if you're abused by smurf to flood..
If you're being used as a smurf amplifier...you'll know.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____