[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] try this
Question: Hi, One of the sites I manage is currently under a heavy smurf attack, the only way I can think of to stop it is to go upstream to my provider and ask them to block echo-replys (or just ICMP) to the target machine, but my provider (exodus) refuses to help. :( Is there ANYTHING else I can do? Thanks, Tim. Answer: try identifying all the ports that is being needed by the server. then apply this rule: source destination service action any any ping_of_death drop any webserver all identified accept necessary ports only any any any drop note: you should create the "ping_of_death" service coz its not predefined in the Checkpoint. On the userdefined properties, type icmp,ip_len>500 in the match field. 500 is the maximum packets in bytes to be allowed for any ICMP request. hope this could help! mike ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|