Subject: Re: ping floods
To: Nick Loman <nick@csosl.co.uk>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 03/24/1997 15:33:51
> I'm getting fed-up of my users doing ping floods (ping -s 8000 host)
> whenever they encounter a lame user on IRC. Can anyone suggest a way
> of keeping ping ability available to users without them being able to
> run commands like this which will soak up all my bandwidth uselessly?
This is a human problem, not a technical one. Block -s, and they can
just "while :; do ping host &; sleep 1; done &', wait a minute, and
kill the loop. Or write a program to spray the target host with UDP
packets, or TCP connections, or whatever.
If the problem really is restricted to ping, why not just create a
"noping" group and make ping 4501 root:noping, and as users abuse ping,
they get added to the noping group. (Yeah, those particular users lose
ping capability, but I don't consider that a problem; they deserve it.)
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B