[svlug] Firewalling ICMP
Marc MERLIN
marc_news at valinux.com
Wed Aug 30 21:40:10 PDT 2000
On Wed, Aug 30, 2000 at 09:16:16PM -0700, J C Lawrence wrote:
> That doesn't prevent doing either network discovery/mapping, slow
If my machine is sitting on the internet, it probably provides some service,
if it does, you can map it :-)
Blocking pings just to hide doesn't do much good...
> link attacks with over-large echo-request payloads, or (I presume
I don't block per packet size, although I could.
> you handle this in other rules) broadcast/flood attacks.
Yeah, I do reject packets that aren't explicitly for me and typically
ignore broadcast packets too.
> BTW: Thanks, I wasn't aware of RFC 792 and UDP source-quench.
> <quickly adding that to his notes>
Found out about it by looking in my reject logs :-)
Marc
--
Microsoft is to software what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ (friendly to non IE browsers)
Finger marc_f at merlins.org for PGP key and other contact information