[nos-bbs] icmp
maiko at pcsinternet.ca
Wed Dec 21 12:51:56 EST 2022
If I am correct, 'icmp echo off' simply tells JNOS to not process (show)
ping replies initiated by your end.
Maiko
On 2022-12-20 19:41, jj wrote:
> jnos here has been getting slammed with icmp ddos/probes/pings from
> 52.94.35.0/24 (botnet?) an amazon(?) subnet...I have icmp echo off, and
> it still replies to ping probes, and is responding to the icmp attack as
> well...icmp quench is off...shouldn't that be the default?
>
> "
>
> 7. Recommendation Regarding RFC 1016
>
> [RFC1016] describes an experimental approach to the handling of ICMP
> Source Quench messages in hosts that was considered in 1987. Even
> though RFC 1016 has never been on the IETF Standards Track, for
> clarity and avoidance of doubt we note that the approach described in
> [RFC1016] MUST NOT be implemented.
>
> 8. Security Considerations
>
> ICMP Source Quench messages could be leveraged for performing blind
> throughput-reduction attacks against TCP and similar protocols. This
> attack vector, along with possible countermeasures, has been
> discussed in great detail in [RFC5927] and [CPNI-TCP]. Silently
> ignoring ICMP Source Quench messages, as specified in this document,
> eliminates the aforementioned attack vector.
>
> For current TCP implementations, receipt of an ICMP Source Quench
> message should not result in security issues because, as noted in
> [RFC5927] and [CPNI-TCP], virtually all current versions of popular
> TCP implementations already silently ignore ICMP Source Quench
> messages. This is also the case for SCTP and DCCP implementations.
>
> Hosts, security gateways, and firewalls MUST silently discard
> received ICMP Source Quench packets and SHOULD log such drops as a
> security fault with at least minimal details (IP Source Address, IP
> Destination Address, ICMP message type, and date/time the packet was
> seen)."
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at lists.tapr.org
> http://lists.tapr.org/mailman/listinfo/nos-bbs_lists.tapr.org
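As an added example (not JNOS code and not from either poster), here is the rule from the quoted RFC text in Python: parse a raw IPv4 datagram carrying ICMP, silently discard Source Quench (type 4) and log the drop with the four minimal details (source, destination, ICMP type, time), and hand every other ICMP type on. The datagram builder and the addresses are constructed for the demo and compute no checksums.

```python
import struct
from datetime import datetime, timezone
from ipaddress import IPv4Address

ICMP_PROTO = 1
ICMP_SOURCE_QUENCH = 4   # ICMP type 4, deprecated by RFC 6633


def parse_ipv4_icmp(packet: bytes):
    """Return (src, dst, icmp_type, icmp_code) from a raw IPv4 datagram carrying ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes (options included)
    if packet[9] != ICMP_PROTO or len(packet) < ihl + 4:
        raise ValueError("not a complete ICMP message")
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    return src, dst, packet[ihl], packet[ihl + 1]


def handle_icmp(packet: bytes, log: list, now=None) -> str:
    """RFC 6633 handling: Source Quench is dropped and the drop is logged as a
    security fault with the minimal details; anything else is returned as 'accept'."""
    src, dst, icmp_type, _code = parse_ipv4_icmp(packet)
    if icmp_type == ICMP_SOURCE_QUENCH:
        ts = (now or datetime.now(timezone.utc)).isoformat()
        log.append(f"{ts} security fault: dropped ICMP type {icmp_type} {src} -> {dst}")
        return "drop"
    return "accept"


def build_ipv4_icmp(src: str, dst: str, icmp_type: int, code: int = 0) -> bytes:
    """Constructed sample datagram for the demo: 20-byte IPv4 header (no options,
    checksum left zero) followed by an 8-byte ICMP header."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                         ICMP_PROTO, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return header + icmp


if __name__ == "__main__":
    entries = []
    # Constructed addresses (documentation ranges), not real hosts.
    for t in (ICMP_SOURCE_QUENCH, 8, 0):
        print(t, handle_icmp(build_ipv4_icmp("198.51.100.7", "192.0.2.1", t), entries))
    print("\n".join(entries))
```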