nanog mailing list archives
Re: [nsp] known networks for broadcast ping attacks
From: root () gannett com
Date: Wed, 30 Jul 1997 17:35:23 -0400 (EDT)
On Wed, 30 Jul 1997, Systems Engineer wrote:
Well ever since this but was introduced to the outside world, I have since modified my present Firewall (ipfwadm v2.3.0) to accomodate. type prot source destination ports deny icmp 0.0.0.0 0.0.0.255 any deny icmp 0.0.0.255 0.0.0.0 any
My rule is: deny icmp 0.0.0.0 0.0.0.0 any With perhaps specific permits above that for devices that I find have a legitimate need for ICMP (be it unreachables, or echo/echo reply). I was wondering more if there were a good reason, other than for dial-up users who may need connectivity checks, to allow any ICMP in, or ICMP to say anything more than a terminal server's address range and certain hosts. Hence my prior discussion on ping-mapping netblocks, and its lack of applicability to the number of hosts on my network. Paul ------------------------------------------------------------------------- Paul D. Robertson gatekeeper () gannett com
Current thread:
- Re: [nsp] known networks for broadcast ping attacks, (continued)
- Re: [nsp] known networks for broadcast ping attacks Michael Shields (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Jon Lewis (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Joe Rhett (Jul 30)
- Message not available
- Re: [nsp] known networks for broadcast ping attacks Jay R. Ashworth (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Alex.Bligh (Jul 31)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Netstat Webmaster (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks root (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)
- Re: [nsp] known networks for broadcast ping attacks Systems Engineer (Jul 30)