Bugtraq mailing list archives
Re: ICMP nukes?
From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Thu, 28 Apr 1994 09:15:36 -0500
Also, is there a way to block people running FSP without blocking all udp packets or relying on blocking udp to certain ports? I may not be around full-time on this system, so it is conceivable for a user to set up their own fsp server in their home dir and not have me notice it for a few weeks or so.
Why would you _want_ to block that? That doesn't put your system at any more risk than it already is by allowing said user connectivity to the world of any sort, as far as I can see.
I don't want people to pirate to/from my machine. It's a waste of disk space to have all 35 megs of the latest game taking up space I could be using for increased functionality (perl, etc.).
Unless you have some users connecting via, say, dialup, that you want to restrict from all network access of any sort; in this case, the only effective measures I can see are either (a) a sufficiently restricted environment that they can't import arbitrary programs or (b) having the kernel refuse network services to them unconditionally.
I will have users via dialup but network services are important, including being able to ftp to and telnet to my site. I was hoping that the router could screen packets by protocol type. Perhaps I could write a daemon to determine what any UDP listeners are and report back.
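The UDP-listener report floated at the end of this message, as an added example that is not part of the original post: it parses the Linux `/proc/net/udp` table and lists unconnected UDP sockets owned by ordinary users. The function name, the uid threshold of 1000, the little-endian address decoding and the sample rows are assumptions made for illustration.

```python
"""Report UDP sockets bound by ordinary users (Linux /proc/net/udp layout)."""
import os
import socket
import struct

# Constructed sample rows in /proc/net/udp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  102: 00000000:07D0 00000000:0000 07 00000000:00000000 00:00000000 00000000  1001        0 22222 2 0000000000000000 0
  103: 0100007F:C350 0100007F:0035 01 00000000:00000000 00:00000000 00000000  1002        0 33333 2 0000000000000000 0
"""


def udp_listeners(text, min_uid=1000, allowed_ports=frozenset()):
    """Return (uid, ip, port, inode) for unconnected UDP sockets that are
    owned by uid >= min_uid and bound to a port outside allowed_ports."""
    findings = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 10:
            continue
        laddr, lport = fields[1].split(":")
        raddr, rport = fields[2].split(":")
        uid, inode = int(fields[7]), int(fields[9])
        port = int(lport, 16)
        # A socket with no remote peer accepts datagrams from anyone,
        # which is what a user-run server looks like in this table.
        unconnected = int(raddr, 16) == 0 and int(rport, 16) == 0
        if unconnected and uid >= min_uid and port not in allowed_ports:
            # Assumes a little-endian host, where the kernel prints the
            # IPv4 address as byte-swapped hex (0100007F is 127.0.0.1).
            ip = socket.inet_ntoa(struct.pack("<I", int(laddr, 16)))
            findings.append((uid, ip, port, inode))
    return findings


if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE                          # fall back to the sample
    for uid, ip, port, inode in udp_listeners(table):
        print(f"uid={uid} listening on {ip}:{port}/udp (inode {inode})")
```

Run from cron or a loop and mail the output; the inode can be matched against `/proc/<pid>/fd` links to find the owning process.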