Question:
Hi,
One of the sites I manage is currently under a heavy smurf attack. The
only way I can think of to stop it is to go upstream to my provider
and ask them to block echo-replies (or just ICMP) to the target machine,
but my provider (Exodus) refuses to help. :(
Is there ANYTHING else I can do?
Thanks,
Tim.
Answer:
Try identifying all the ports that are needed by the server, then apply
this rule:
source   destination   service                               action
any      any           ping_of_death                         drop
any      webserver     all identified necessary ports only   accept
any      any           any                                   drop
Note: you should create the "ping_of_death" service coz it's not
predefined in the Checkpoint. On the user-defined properties, type
icmp,ip_len>500 in the match field. 500 is the maximum packet size in bytes to
be allowed for any ICMP request. Hope this could help!
mike
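
The three rules from the answer above, evaluated top-down with first-match semantics, as an added example that is not part of the original thread and is not Check Point code. The web server address, the port set {80, 443} and the TCP-only reading of the service column are assumptions; the packets are constructed samples.

```python
from dataclasses import dataclass
from typing import Callable, Optional

WEBSERVER = "192.0.2.10"      # assumption: documentation address for the web server
NEEDED_PORTS = {80, 443}      # assumption: the "identified necessary ports"
ICMP_MAX_LEN = 500            # from the answer: icmp,ip_len>500


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                # "icmp", "tcp" or "udp"
    ip_len: int               # total IP length in bytes
    dport: Optional[int] = None


@dataclass
class Rule:
    name: str
    match: Callable[[Packet], bool]
    action: str               # "accept" or "drop"


RULES = [
    Rule("ping_of_death",
         lambda p: p.proto == "icmp" and p.ip_len > ICMP_MAX_LEN, "drop"),
    Rule("webserver_ports",
         lambda p: p.dst == WEBSERVER and p.proto == "tcp"
         and p.dport in NEEDED_PORTS, "accept"),
    Rule("cleanup", lambda p: True, "drop"),
]


def evaluate(pkt):
    """Return (rule number, rule name, action) of the first matching rule."""
    for number, rule in enumerate(RULES, start=1):
        if rule.match(pkt):
            return number, rule.name, rule.action
    raise AssertionError("unreachable: the cleanup rule matches everything")


# Constructed sample traffic (not captured data).
SAMPLES = [
    Packet("198.51.100.7", WEBSERVER, "icmp", 1500),    # oversized ICMP
    Packet("198.51.100.8", WEBSERVER, "icmp", 84),      # ordinary-size echo reply
    Packet("203.0.113.5", WEBSERVER, "tcp", 60, 80),    # web request
    Packet("203.0.113.5", WEBSERVER, "tcp", 60, 23),    # port not needed
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(pkt))
```

ICMP packets of 500 bytes or less do not match rule 1 and are discarded by the final rule; in every case the filtering happens at the site's own firewall, after the traffic has already crossed the upstream link.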