Hi,

Regarding so-called "smurf" DOS attacks, author Robert Ziegler, "Linux Firewalls", suggests we need to be good Internet citizens and block smurf attacks at our firewalls. These attacks involve distributed, "spoofed" pings ("echo requests") to broadcast addresses of Internet-connected networks for the purpose of causing DOS attacks upon unsuspecting hosts somewhere on the Internet. This occurs because each "echo request" spoofed by the perpetrator elicits multiple "echo responses", which are sent to the victim by firewalls (or routers) inadvertently co-operating in the attacks.

Would you please review the following snippet from my "rc.firewall", and confirm that the code is correct and sufficient to block these attacks?

-----<snip>
EXTERNAL_INTERFACE="eth0"                # assumed; set to your Internet-facing interface
IPADDR="aaa.bbb.ccc.ddd"                 # eg. 196.54.32.1
NETMASK="255.255.255.0"                  # Example is Class C
GENERIC_BROADCAST="255.255.255.255"      # *This* network only
#
# Example would give: 196.54.32.255
# (the awk derivations below are only correct for a 255.255.255.0 mask)
#
DIRECTED_BROADCAST=`echo "$IPADDR" | awk -F\. '{print $1"."$2"."$3".255"}'`
#
# Example would give: 196.54.32.0
#
NETWORK_ADDRESS=`echo "$IPADDR" | awk -F\. '{print $1"."$2"."$3".0"}'`
#
# Block "smurf" attacks.
#
# Limited broadcast (255.255.255.255), both directions
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
         -d $GENERIC_BROADCAST -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
         -d $GENERIC_BROADCAST -j DENY -l
# NB: $NETMASK is 255.255.255.0, a mask rather than a destination address,
# so these two rules match no real packet
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
         -d $NETMASK -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
         -d $NETMASK -j DENY -l
# Directed broadcast of this network (e.g. 196.54.32.255)
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
         -d $DIRECTED_BROADCAST -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
         -d $DIRECTED_BROADCAST -j DENY -l
# Network address of this network (e.g. 196.54.32.0), used as an
# old-style broadcast by some hosts
ipchains -A input  -i $EXTERNAL_INTERFACE -p icmp \
         -d $NETWORK_ADDRESS -j DENY -l
ipchains -A output -i $EXTERNAL_INTERFACE -p icmp \
         -d $NETWORK_ADDRESS -j DENY -l
-----</snip>

Cheers
Les Catterall
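As an added example, not part of the original post: the three destinations the rc.firewall rules deny (limited broadcast, directed broadcast, network address) derived for any netmask rather than only the /24 the awk lines assume, plus a check of whether a given ICMP destination falls into that set and a renderer for the matching ipchains rules. The interface name "eth0" is an assumption.

```python
# Added example; not from the original post or from Ziegler's rc.firewall.
# Computes the smurf amplifier addresses for an IP/netmask pair using the
# standard library, so it stays correct when the mask is not 255.255.255.0.
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def broadcast_targets(ipaddr: str, netmask: str) -> dict:
    """Map each name used in the posted script to the address it should hold."""
    iface = ipaddress.IPv4Interface(f"{ipaddr}/{netmask}")
    net = iface.network
    return {
        "GENERIC_BROADCAST": LIMITED_BROADCAST,        # 255.255.255.255
        "DIRECTED_BROADCAST": net.broadcast_address,  # e.g. 196.54.32.255 for a /24
        "NETWORK_ADDRESS": net.network_address,       # e.g. 196.54.32.0 for a /24
    }


def is_smurf_target(dst: str, ipaddr: str, netmask: str) -> bool:
    """True if an ICMP packet to dst is one the posted DENY rules should drop."""
    return ipaddress.IPv4Address(dst) in broadcast_targets(ipaddr, netmask).values()


def ipchains_rules(ipaddr: str, netmask: str, iface: str = "eth0") -> list:
    """Render the input/output DENY rules for the computed addresses.

    iface is assumed ("eth0"); the original snippet leaves $EXTERNAL_INTERFACE
    undefined. Returns the rule strings in the order the script would run them.
    """
    rules = []
    for name, addr in broadcast_targets(ipaddr, netmask).items():
        for chain in ("input", "output"):
            rules.append(
                f"ipchains -A {chain} -i {iface} -p icmp -d {addr} -j DENY -l  # {name}"
            )
    return rules


if __name__ == "__main__":
    # Constructed sample: the post's own example address on a /24, then a /26
    # where the awk "$1.$2.$3.255" trick would pick the wrong broadcast.
    for ip, mask in (("196.54.32.1", "255.255.255.0"), ("10.0.0.70", "255.255.255.192")):
        print(ip, mask, {k: str(v) for k, v in broadcast_targets(ip, mask).items()})
    for rule in ipchains_rules("196.54.32.1", "255.255.255.0"):
        print(rule)
```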