> I've found this trick... ComOS apparently has a hole when it
> comes to large ICMP packets.. Filter all ICMP packets to the ethernet
> interface of the PM from both dialups and the ethernet side of things.
> It'll save yourself some administration hassle (and screw up traceroutes -
> but Livingston's already do that to 90% of the installed system base of
> the world anyways).
>
> JS
I've been hit by a 2mbs stream of large ICMP echo-request (ping) to a
PM3. Other than eating up a LOT of buffer space (as shown by "show
memory"), it didn't do much.
BTW, you ought to read the release notes for b20.
Tom
> On Sun, 6 Jul 1997, Robert Hiltibidal wrote:
>
> > Howdy,
> >
> > A DoS, Denial of Service attack floods a particular port with requests
> > that are never answered. The result is your os (server,router,portmaster)
> > ends up with a bunch of open requests that eat up memory.
> >
> > Most DoS attacks use a spoofed address, nonroutable existing address, to
> > hide their source. We have found that this causes a number of ICMP
> > redirects in the syslog file. We'll then go to the router and ban that
> > particular ip. The bad thing about a DoS attack is that it mimics an
> > actual request for service.
> >
> > Now, how this applies to the portmaster I don't know. A portmaster only
> > provides a basic function. Its possible to deny telnet access but that
> > doesn't shut the portmaster down. Up to know I really hadn't thought it
> > possible to do a DoS attack on a portmaster and actually take it off line.
> > I would ask the question: Was the root password compromised?
> >
> >
> > Rob
> >
> >
> >
> >
> > Systems Programmer "Open the doors of your stores
> > rob@fgi.net 24 hours a day"
> > morgan@springpatch.com Springpatch Mall
> > http://www.springpatch.com
> >
> >
>
>
>