nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: Systems Engineer <snash () lightning net>
Date: Wed, 30 Jul 1997 18:03:25 -0400
Well, to allow ICMP is good for just basic pinging of you or a traceroute. I really don't care if other people can traceroute or ping me, so I just deny those lines I mentioned before, and all ICMP as a whole. Until the bug passes and/or gets fixed somehow, I am going to keep those lines.

root () gannett com wrote:

> On Wed, 30 Jul 1997, Systems Engineer wrote:
>
> > Well ever since this bug was introduced to the outside world, I have
> > since modified my present Firewall (ipfwadm v2.3.0) to accommodate.
> >
> > type  prot  source     destination  ports
> > deny  icmp  0.0.0.0    0.0.0.255    any
> > deny  icmp  0.0.0.255  0.0.0.0      any
>
> My rule is:
>
> deny icmp 0.0.0.0 0.0.0.0 any
>
> With perhaps specific permits above that for devices that I find have a
> legitimate need for ICMP (be it unreachables, or echo/echo reply).
>
> I was wondering more if there were a good reason, other than for dial-up
> users who may need connectivity checks, to allow any ICMP in, or ICMP to
> say anything more than a terminal server's address range and certain
> hosts. Hence my prior discussion on ping-mapping netblocks, and its lack
> of applicability to the number of hosts on my network.
>
> Paul
> --------------------------------------------------------------------
> Paul D. Robertson
> gatekeeper () gannett com

--
--- --- --- --- --- --- --- --- ---
Steven Nash                          ph: (516)248-8400ext25
Systems Engineer / Network Security  fax: (516)248-8897
Lightning Internet Services LLC      email: snash () lightning net
http://www.lightning.net
--- --- --- --- --- --- --- --- ---
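
Added example, not part of either message: a first-match model in Python of the policy shape discussed in the thread (specific ICMP permits above a catch-all ICMP deny). The addresses are RFC 5737 documentation ranges, and `Rule`, `build_policy`, `decide` and the `hosts_only` flag are names assumed for illustration, not ipfwadm syntax; `hosts_only` keeps a range permit from re-admitting echo requests to that range's own network and broadcast addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8  # ICMP types, RFC 792

@dataclass(frozen=True)
class Rule:
    action: str                             # "permit" or "deny"
    dst: str                                # destination network, CIDR
    icmp_types: Optional[frozenset] = None  # None matches every ICMP type
    hosts_only: bool = False                # skip network/broadcast address

    def matches(self, dst_ip, icmp_type):
        net = ipaddress.ip_network(self.dst)
        ip = ipaddress.ip_address(dst_ip)
        if ip not in net:
            return False
        edges = (net.network_address, net.broadcast_address)
        if self.hosts_only and net.prefixlen < 31 and ip in edges:
            return False
        return self.icmp_types is None or icmp_type in self.icmp_types

def build_policy(hosts_only):
    """Constructed policy: two specific permits above a deny-all-ICMP rule."""
    echo = frozenset({ECHO_REQUEST, ECHO_REPLY})
    return [
        Rule("permit", "192.0.2.64/27", echo, hosts_only),  # terminal servers
        Rule("permit", "192.0.2.10/32", frozenset({DEST_UNREACH})),
        Rule("deny", "0.0.0.0/0"),                           # catch-all
    ]

def decide(dst_ip, icmp_type, policy):
    """Return the action of the first rule that matches (first match wins)."""
    for rule in policy:
        if rule.matches(dst_ip, icmp_type):
            return rule.action
    return "deny"  # nothing matched: fail closed

# Constructed inbound packets: (destination address, ICMP type)
SAMPLE = [("192.0.2.70", ECHO_REQUEST), ("192.0.2.255", ECHO_REQUEST),
          ("192.0.2.10", DEST_UNREACH), ("192.0.2.10", ECHO_REQUEST),
          ("192.0.2.95", ECHO_REQUEST)]  # .95 is the /27's own broadcast

if __name__ == "__main__":
    loose, strict = build_policy(False), build_policy(True)
    for dst, t in SAMPLE:
        print(f"type {t:<2} -> {dst:<12} loose={decide(dst, t, loose):6} "
              f"strict={decide(dst, t, strict)}")
```

With `hosts_only` off, the echo request to 192.0.2.95 is permitted by the range rule even though the catch-all deny sits below it; with it on, the same packet falls through to the deny.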