[ previous ] [ next ] [ threads ]
 
 From:  "Matt McGuire" <mmcguire at o1 dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Stopping DoS attacks
 Date:  Sat, 22 May 2004 11:13:31 -0700 
At times I am getting a lot of activity in the firewall logs.  I assume
this is a Dos attack with icmp?  Am I correct?  Also what is the best
way to stop this from happening?  I do not let this traffic through,
however the load on the firewall becomes so high that WAN access is
slowed to a crawl. Below is one of many identical entries.

11:06:03.544257 sis1 @0:19 b 63.163.92.73 -> 0.0.0.0 PR icmp len 20 56
icmp timxceed/transit for 0.0.0.0 - 63.163.92.1 PR icmp len 20 56 icmp
3/2 IN

Thanks,
Matthew