Subject: Re: Interface devices and security
To: Steve Paul <stevep@mccue.com>
From: Perry E. Metzger <perry@piermont.com>
List: port-i386
Date: 12/21/1998 17:51:15

Steve Paul <stevep@mccue.com> writes:
> Is there a URL or location somewhere that specifically 
> addresses patches/changes to NetBSD to increase 
> security with network interfaces?
> 
> NetBSD servers on our public internet connection are a weak 
> spot against malicious flooders and such.  It seems the interfaces 
> have no protection against enormous pings and ICMP 
> floods, at least without some form of configuration.  
> Disgruntled customers, former employees and general
> malicious internet attackers with shell access find it 
> easy to shut down our T1 for hours as long as one of our 
> NetBSD servers is online.

If the problem is flooding, there is literally no connection with the
operating system on the destination machine. I can flood your network
EVEN IF YOU HAVE NO HOSTS UP. The only way you can cut off flooding is 
at the OTHER END of the connection, not at the flooded end.

Perry