Restricting ICMP

[Andy Farkas]

Mark wrote:

> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an excessive ping attack on one of his buddies. And, naturally, I want
> to prevent that. The chmod u-s idea mentioned here, was a good idea. Except
> that, prefereably, I'd like all of wheel to have access, and the rest not.
> And that may be harder to implement.

If your users play up, put your BOFH hat on and lart them.

chmod'ing /sbin/ping is useless - users can compile their own version of
ping.

Make your users aware that abusing ping (and other net resources) will get
them kicked and banned from your system.

--

 :{ andyf at speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/