Re: System Hangs

Count Zero (
Sun, 16 Nov 1997 22:29:42 -0800 (PST)

actually.. to avoid getting 'smurfed' or being a 'reflector' your best bet
is to filter ICMP in your router... I am not sure which types offhand, but
if you can trace what interface they are coming across, you can contact
that provider and have them add 'no ip directed broadcast' to the router,
if it is a Cisco.. or, a simpler icmp filter if it is some other device.
as for your end, I'd recommend adding a size limit as well as a frequency
filter to your router for ICMP..

<oops, this is getting into> =P

Count Zero Interrupt
Sysadmin, Freak, Monster Extrordinaire

"I'm not REALLY a bad guy" -William H. Gates III
On Sun, 16 Nov 1997, FOONET Administrator wrote:

> I have experienced many system hangs in the last few days even after
> applying the IP Frag patch.. I found out the reason that I got a system hang
> when someone used "smurf" to attack the machine .. it was getting icmp echo
> replies from about 500 different hosts about 17megabits/sec . as SOON as the
> eth0 went up the machine would lock up.. it wouldn't even finish booting
> because as soon as the eth0 was activated it would dead lock. Is this a
> problem with the kernel or a problem with the 3c90x.c driver ?
> Kernel 2.0.32 pre - 5 with ip frag patch K6 233 128MB ram
> 3com 3c905 100BTX Card PCI
> It's on a 10 megabit non switching hub right now.
> Is there any way to specify the mode of the card during bootup with lilo?
> Can I disable bus mastering?
> Any ideas on what would cause this??
> I finally found a way to make it lock up every single time by sending this
> stream of data.. Any ideas would be appreciated!
> Paul