Restricting ICMP
Andy Farkas
andyf at speednet.com.au
Wed Aug 13 05:01:37 PDT 2003
Mark wrote:
> I am just not very fond of the idea of local users starting ICMP wars over
> the net, using my server :) I have already had an instance where a web-user
> did an excessive ping attack on one of his buddies. And, naturally, I want
> to prevent that. The chmod u-s idea mentioned here, was a good idea. Except
> that, prefereably, I'd like all of wheel to have access, and the rest not.
> And that may be harder to implement.
If your users play up, put your BOFH hat on and lart them.
chmod'ing /sbin/ping is useless - users can compile their own version of
ping.
Make your users aware that abusing ping (and other net resources) will get
them kicked and banned from your system.
--
:{ andyf at speednet.com.au
Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/
More information about the freebsd-questions
mailing list