[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[linux-security] Re: ICMP
- From: Andreas Schamanek <Andreas Schamanek univie ac at>
- To: "linux-security redhat com" <linux-security redhat com>
- Subject: [linux-security] Re: ICMP
- Date: Thu, 29 Jun 2000 13:44:05 +0200 (MEST)
[mod: people, please, please try to refrain from "my security policy
is better than yours" discussions. Really, there are a lot of
possibilities. Some will want to disable all ICMP. This breaks path
MTU, and is totally evil. Some disable only some ICMP, breaking just
"ping". Some find the security risks of allowing ICMP acceptable.
The below posting is posted just as an example, not as "the correct
opinion". There is no "correct opinion". -- REW]
On Thu, 29 Jun 2000, David Balazic wrote:
> Need I say more ?
> There is a reason that they "invented" ping !
(...)
> It seems a good idea to block inbound packet to your broadcast
> address. And packets from outside that claim to come from an inside
> address. It might be useful to put a maximum size limit on ping
> packets.
Thanks a lot, David, for putting this so clearly.
Folks, disabling ping requests at all won't help that much with your
security, and after all, if you want as much security as you imply
you better disconnect your computer.
-- Andreas
-----------------------------------------------------------------------
ANDREAS SCHAMANEK <Andreas Schamanek univie ac at> T: +43-1 58801-10754
Admin @ Dept. of Statistics and Decision Support * Univ. of Vienna
Admin @ Dept. of Statistics, Probability Theory & AM * TU Vienna
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]