nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: "David P. Maynard" <dpm () flametree com>
Date: Tue, 12 Aug 1997 06:04:29 -0500
Eric Wieling wrote:
We recently implemented outbound filters for our network. It's rather draconian, but it's effective and we've had no complaints yet. We allow outbound TCP, UDP, GRE, and outbound ICMP 0/0 (echo request) with source addresses on our network. That's all. [...] We also block all inbound ICMP 0/0 (echo request) and a bunch of other things.
--Eric
You should probably allow more ICMP types. In particular, allowing the ones used by Path MTU discovery will make your life easier. Trying to track down bizarre-sounding connection problems that turn out to be Path MTU discovery failures can make for an interesting day, but it gets old after a while. I think there was a discussion here a few weeks ago on ICMP filters, so I would check the archives for details.

-dpm

--
David P. Maynard, Flametree Corporation
EMail: dpm () flametree com, Tel: +1 512 670 4090, Fax: +1 512 251 8308
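Added example, not part of the original message or thread: a small Python simulation of the failure mode the reply warns about. When the filter drops ICMP type 3 code 4 (Destination Unreachable, fragmentation needed and DF set, which RFC 1191 Path MTU discovery relies on), small packets get through while full-size ones never do. The MTU values, function names and retry count are constructed for illustration.

```python
# Added illustration; MTUs, names and retry count are constructed, not from the thread.
FRAG_NEEDED = (3, 4)      # Destination Unreachable: fragmentation needed and DF set
QUOTED_POLICY = {(0, 0)}  # the only ICMP type/code the quoted filter lets through
RELAXED_POLICY = QUOTED_POLICY | {FRAG_NEEDED}


def icmp_permitted(policy, icmp_type, icmp_code):
    """Return True if the filter passes this ICMP type/code."""
    return (icmp_type, icmp_code) in policy


def send_with_pmtud(packet_size, path_mtus, policy, max_tries=5):
    """Simulate a DF-set sender; return (delivered, final_size, tries)."""
    size = packet_size
    for attempt in range(1, max_tries + 1):
        # First hop whose MTU is too small for the packet, if any.
        bottleneck = next((mtu for mtu in path_mtus if mtu < size), None)
        if bottleneck is None:
            return True, size, attempt
        # That router drops the packet and sends ICMP 3/4 carrying its MTU.
        if icmp_permitted(policy, *FRAG_NEEDED):
            size = bottleneck  # sender hears the error and shrinks
        # Otherwise the error is filtered and the sender retransmits at the same size.
    return False, size, max_tries


PATH = [1500, 1400, 1500, 576]  # constructed per-hop MTUs

if __name__ == "__main__":
    for name, policy in (("quoted", QUOTED_POLICY), ("relaxed", RELAXED_POLICY)):
        for size in (512, 1500):
            print(name, size, send_with_pmtud(size, PATH, policy))
```

With the quoted policy the 512-byte packet is delivered on the first try and the 1500-byte packet is never delivered, which is why the symptom looks like a connection that opens and then hangs on bulk data.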