Subject: Interface devices and security
To: 'port-i386@netbsd.org' <port-i386@netbsd.org>
From: Steve Paul <stevep@mccue.com>
List: port-i386
Date: 12/21/1998 14:20:50

Greetings list,

Is there a URL or location somewhere that specifically 
addresses patches/changes to NetBSD to increase 
security with network interfaces?

NetBSD servers on our public internet connection are a weak 
spot against malicious flooders and such.  It seems the interfaces 
have no protection against enormous pings and ICMP 
floods, at least without some form of configuration.  
Disgruntled customers, former employees and general
malicious internet attackers with shell access find it 
easy to shut down our T1 for hours as long as one of our 
NetBSD servers is online.

Is there some method or interface/kernel patch to make the 
server reject oversized packets/ICMP data?  Or maybe some
listener program that shuts off these ports on detection of
a possible flood?

Thanks in advance,
Steve Paul