
[FW1] try this



Question:

Hi,

One of the sites I manage is currently under a heavy smurf attack; the
only way I can think of to stop it is to go upstream to my provider
and ask them to block echo-replies (or just ICMP) to the target machine,
but my provider (Exodus) refuses to help.   :(

Is there ANYTHING else I can do?

Thanks,

Tim.


Answer:


Try identifying all the ports that are needed by the server, then apply
this rule:

source    destination    service                                action

any       any            ping_of_death                          drop

any       webserver      all identified necessary ports only    accept

any       any            any                                    drop


Note: you should create the "ping_of_death" service because it's not
predefined in the Checkpoint. On the user-defined properties, type
icmp,ip_len>500 in the match field. 500 is the maximum packets in bytes to
be allowed for any ICMP request. Hope this could help!

mike
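
The rule order from the reply above, worked through as an added example (not part of the original post, and not Check Point code): a small Python first-match evaluator that reads the protocol and total-length fields from constructed IPv4 packets. The web server address, the source address and the allowed TCP ports 80/443 are assumptions standing in for "all identified necessary ports".

```python
import socket
import struct

WEBSERVER = "192.0.2.10"       # assumption: documentation-range address
ALLOWED_TCP_PORTS = {80, 443}  # assumption: the "identified necessary ports"
ICMP, TCP = 1, 6
MAX_ICMP_IP_LEN = 500          # from the post: icmp,ip_len>500


def parse_ipv4(packet: bytes) -> dict:
    """Extract the header fields the three rules look at."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("not a usable IPv4 packet")
    fields = {"proto": packet[9],
              "ip_len": struct.unpack("!H", packet[2:4])[0],
              "dst": socket.inet_ntoa(packet[16:20]),
              "dport": None}
    if fields["proto"] == TCP and len(packet) >= ihl + 4:
        fields["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return fields


def evaluate(packet: bytes) -> tuple:
    """Return (rule number, action); the first matching rule wins."""
    try:
        p = parse_ipv4(packet)
    except ValueError:
        return (3, "drop")  # unparseable traffic falls to the final rule
    if p["proto"] == ICMP and p["ip_len"] > MAX_ICMP_IP_LEN:
        return (1, "drop")    # ping_of_death service
    if p["dst"] == WEBSERVER and p["dport"] in ALLOWED_TCP_PORTS:
        return (2, "accept")  # necessary ports only
    return (3, "drop")        # any any any


def make_packet(proto: int, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet: 20-byte header, checksum left at zero."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton("198.51.100.7"),
                         socket.inet_aton(dst))
    return header + payload


def tcp_to(port: int) -> bytes:
    """Constructed 20-byte TCP header with only the ports filled in."""
    return struct.pack("!HH", 40000, port) + bytes(16)
```

With these assumptions an 84-byte ICMP packet does not match the ping_of_death service; it is dropped by the final rule, because ICMP is not among the accepted services.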

	


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
All contents © 2003 Network Presence, LLC. All rights reserved.