There is no mechanism to stop a DoS attack on the Firebox. Actually, on most firewalls a true DoS attack is impossible to stop. Have your firewall admin allow the ICMP packets inbound from only that mail server (host). I doubt if your ISP will launch a DoS attack against you; even if they did, you would be helpless against it.

--- Barry George <bgeorge@wabang.com> wrote:
> Hi All,
>
> We have a Firebox II setup stopping most of what we don't want.
> Everything has been running nicely, then our city-run ISP installed a
> new mail server. We found that mail from its domain was being slowed
> down or blocked. On inspection it turns out that our firewall was being
> hit constantly by their mail server destined for our mail server. Seems
> they are sending ICMP packets for PMTU discovery, so the Firebox sees
> these ICMP packets as a possible DoS attack and locks out the
> domain. Seems the frequency has increased to several packets per second
> at worst.
> The ISP says they are just following standard RFC1191 protocols, but
> something has to have changed as we haven't had this problem before.
>
> If we let these through to our mail server are we opening ourselves up
> to attack? Sorry I don't directly configure the Firebox myself so I'm
> not sure what config. capabilities it has. I'd appreciate any discussion
> on this.
>
> Barry
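The narrow allow rule suggested in the reply, as an added example that is not part of the original thread and is not Firebox configuration. It assumes the ISP's PMTU traffic is the RFC 1191 "fragmentation needed" message (ICMP type 3, code 4), which the thread does not confirm; the address, constant and function names are hypothetical.

```python
import struct
from ipaddress import ip_address

# Hypothetical address (TEST-NET-1); the thread gives no real addresses.
ISP_MAIL_SERVER = ip_address("192.0.2.25")
MIN_MTU = 68  # smallest MTU an IPv4 link may have (RFC 791)

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, mtu: int) -> bytes:
    """Constructed sample message: header plus 28 zero bytes standing in
    for the quoted IP header and first 8 bytes of the original datagram."""
    msg = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + bytes(28)
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]

def classify(src: str, icmp: bytes) -> str:
    """Return 'permit' or a drop reason for one inbound ICMP message."""
    if ip_address(src) != ISP_MAIL_SERVER:
        return "drop: source not allowed"
    if len(icmp) < 36:  # 8-byte ICMP header + 20-byte IP header + 8 bytes
        return "drop: truncated"
    if icmp_checksum(icmp) != 0:  # a valid message sums to zero
        return "drop: bad checksum"
    icmp_type, code, _, _, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return "drop: not fragmentation-needed"
    if next_hop_mtu < MIN_MTU:
        return "drop: implausible MTU"
    return "permit"

if __name__ == "__main__":
    for src, msg in [("192.0.2.25", build_icmp(3, 4, 1400)),
                     ("192.0.2.25", build_icmp(8, 0, 0)),
                     ("198.51.100.7", build_icmp(3, 4, 1400))]:
        print(src, classify(src, msg))
```

Matching on type and code as well as source keeps the exception from also admitting echo requests or other ICMP from the same host.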