pfSense Support Subscription

Author Topic: Block ICMP Flooding  (Read 214 times)

0 Members and 1 Guest are viewing this topic.

Offline schnookiecakes

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Block ICMP Flooding
« on: November 27, 2017, 08:10:34 pm »
Hello,


Does anyone know to block ICMP Flooding? I already put a block rule in WAN Firewall rule but it keeps on flooding my WAN.








Thank you.

Offline KOM

  • Hero Member
  • *****
  • Posts: 5402
  • Karma: +671/-19
    • View Profile
Re: Block ICMP Flooding
« Reply #1 on: November 27, 2017, 09:32:21 pm »
The default WAN rules allow nothing into your network.  What you are seeing are blocked ICMP packets hitting your WAN and being dropped.

There is no magic way for you to avoid having traffic hit your WAN without involving your upstream ISP to null-route that traffic.  You can't stop a DoS with a firewall.

What's up with all that private network traffic anyway?  What kind of network are you on?

Offline schnookiecakes

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Block ICMP Flooding
« Reply #2 on: November 27, 2017, 09:54:02 pm »
This private IPs are attackers private IPs, I don't know why it shows Private IPs instead of public ones. When they attacked me via DNS, it shows Public IPs however on ICMP attack it shows private IPs instead.

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2209
  • Karma: +204/-12
    • View Profile
Re: Block ICMP Flooding
« Reply #3 on: November 28, 2017, 08:32:42 am »
They're sending spoofed packets. Trivial to do. You learn how to do this in network 101. You can't stop traffic from hitting you, only ignore the traffic. The same way a bullet proof vest doesn't stop someone from shooting at you. A firewall doesn't stop a fire, it stops a fire from spreading.