From nimrood@tester.randomc.com Mon Sep 16 03:38:06 1996 Received: (sendmail@localhost) by suburbia.net (8.7.4/Proff-950810) id DAA15878 for ; Mon, 16 Sep 1996 03:38:06 +1000 Received: from tester.randomc.com(205.139.134.19) via SMTP by profane.adso.com.au, id smtpd15853aaa; Sun Sep 15 17:37:57 1996 Received: (from nimrood@localhost) by tester.randomc.com (8.7.4/8.7.3) id NAA06486; Sun, 15 Sep 1996 13:20:56 GMT Date: Sun, 15 Sep 1996 13:20:56 +0000 (GMT) From: LuNaTiC FRiNGe To: Alfy cc: best-of-security@suburbia.net Subject: Re: BoS: ping flood In-Reply-To: <199609150007.CAA07558@worldcom.ch> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Sun, 15 Sep 1996, Alfy wrote: > hello do you people know if there's a way for a system admin to prevent ping > floods from faster machines and which may cause a hudge slowdown of the > connection ? I don't know of a way to prevent them (I imagine it could be prevented by modifying the kernel to drop any echo request packets greater than size X), but you can find out WHO is pinging you and then contact the proper people to have it stopped. The quickest way would be to do this command with ping (it may or may not work on your platform): ping -v -i372727723 localhost "-v" is for verbose output which will display any echo requests that reach your system, and "-i" is the time to wait between each ping of localhost. You may have to consult your man pages to find out the proper switches if those don't work on your system. There are also a few programs floating around on the web that will listen and display ICMP requests that hit your machine. Nimrood