[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[linux-security] Re: ICMP
- From: Jonathan Benson <sysadmin ocean com au>
- To: wulfman <wulfman wulfman com>
- Cc: "linux-security redhat com" <linux-security redhat com>
- Subject: [linux-security] Re: ICMP
- Date: Wed, 01 Mar 2000 13:07:08 +1100
wulfman wrote:
> After the recent attacks on the major servers on the web my ISP has
> decided to stop all ICMP messages from his ISP.
>
> I have red the RFCs and it seems that he cant do that... As a result
> pings and traceroutes will not work.
Having ping's and traceroutes not working isn't all that horrible.
Stopping the destination unreachable (fragmentation need) ICMP message is
as it will break MTU discovery.
To a network I want relatively secure I've blocked:
echo-requests inbound (ping)
time-exceeded outbound (traceroute)
redirect inbound (could be nasty)
Everything else comes through. I did the first two to stop people learning
more then they need to about the network and the last to stop someone
fooling a machine in to routing packets somewhere it shouldn't.
If anyone out there knows better then I and can suggest other things I
should be blocking or give good reason why I shouldn't block some of these
I'm always willing to learn more.
Jon
[mod: P.S. in a previous message I noted that UUNET-NL was filtering
ICMP. I was wrong: From the discussion that followed I learned that it
was the other end of the pipe, my ISP, that was recklessly filtering
ICMP. -- REW]
--
Jonathan Benson
Systems Administrator
Ocean Internet
http://www.ocean.com.au/
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]