There is no mechanism to stop a DOS attack on the
Firebox.  Actually, on most firewalls a true DOS attack is
impossible to stop.  Have your firewall admin allow
the ICMP packets inbound from only that mail server
(host).  I doubt if your ISP will launch a DOS attack
against you; even if they did, you would be helpless
against it.
--- Barry George <[EMAIL PROTECTED]> wrote:
> Hi All, 
>  
> We have a Firebox II setup stopping most of what we
> don't want.
> Everything has been running nicely, then our city
> run ISP installed a
> new mail server. We found that mail from its domain
> was being slowed
> down or blocked. On inspection it turns out that our
> firewall was being
> hit constantly by their mail server destined for our
> mail server. Seems
> they are sending ICMP packets for PMTU discovery, so
> the Firebox sees
> these ICMP packets as a possible DoS attack and
> locks out the
> domain. Seems the frequency has increased to several
> packets per second
> at worst. 
> The ISP says they are just following standard
> RFC1191 protocols, but
> something has to have changed as we haven't had this
> problem before.
>  
> If we let these through to our mail server are we
> opening ourselves up
> to attack? Sorry I don't directly configure the
> Firebox myself so I'm
> not sure what config. capabilities it has. I'd
> appreciate any discussion
> on this.
>  
> Barry
> 
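
Added example (not part of either message, and not the Firebox's actual logic): a generic model of the behaviour discussed in this thread, a rate-based ICMP lockout that also blocks mail from the locked-out source, next to the per-host ICMP exemption suggested in the reply. The window, threshold, class name and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000   # assumed detection window
THRESHOLD = 3      # assumed: more than 3 ICMP packets per window trips the lockout

class IcmpFloodGuard:
    """Generic rate-based lockout, with an optional ICMP exemption per host."""

    def __init__(self, icmp_exempt=()):
        self.icmp_exempt = set(icmp_exempt)   # hosts whose ICMP never trips the lockout
        self.recent = defaultdict(deque)      # source -> timestamps of recent ICMP
        self.blocked = set()                  # sources locked out for all traffic

    def handle(self, ts_ms, src, proto):
        if src in self.blocked:
            return "drop"                     # lockout hits mail as well as ICMP
        if proto != "icmp" or src in self.icmp_exempt:
            return "allow"
        q = self.recent[src]
        q.append(ts_ms)
        while ts_ms - q[0] > WINDOW_MS:       # forget packets outside the window
            q.popleft()
        if len(q) > THRESHOLD:
            self.blocked.add(src)
            return "drop"
        return "allow"

def replay(events, guard):
    return [guard.handle(*event) for event in events]

# Constructed traffic: documentation addresses, not taken from the thread.
ISP_MAIL, STRANGER = "192.0.2.25", "198.51.100.7"
EVENTS = (
    [(t, ISP_MAIL, "icmp") for t in (0, 200, 400, 600, 800)]
    + [(1000, ISP_MAIL, "smtp")]
    + [(t, STRANGER, "icmp") for t in (2000, 2100, 2200, 2300)]
    + [(2400, STRANGER, "smtp")]
)

if __name__ == "__main__":
    for label, guard in (("default", IcmpFloodGuard()),
                         ("exempt ", IcmpFloodGuard(icmp_exempt=[ISP_MAIL]))):
        print(label, replay(EVENTS, guard))
```

With the exemption the ISP host's mail is no longer dropped, while any other source that exceeds the threshold is still locked out.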

