Ralf G. R. Bergs wrote:
> can you explain to me what "source quench" means?
As has already been said, source quench packets (ICMP type 4) are a
primitive form of flow control.
> ICMPLogD frequently notifies me that my box received these packets
> from some peer host.
Whilst this could be a DoS attack, it's certainly not guaranteed;
source quench packets are part of the TCP/IP specs.
> Should I filter these packets at my firewall?
Yes, but I wouldn't bother logging them (like spurious NetBIOS-NS
queries, they are undesirable but not indicative of malicious
activity).
Personally I suggest allowing the following ICMP types:
0 Echo Reply
3 Destination Unreachable
11 Time Exceeded
12 Parameter Problem
and dropping the rest (you must allow ICMP type 3).
--
Glynn Clements <[EMAIL PROTECTED]>
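
The ICMP policy recommended in the message above, written out as a rule generator. This is an added example, not part of the original post; it assumes iptables and the INPUT chain of the filter table, and the function names `icmp_rules` and `icmp_verdict` are hypothetical.

```shell
#!/bin/sh
# Added example: the ICMP allow list from the message, as iptables rules.
# Assumptions (not from the post): iptables is the firewall and the rules go
# on the INPUT chain; pass another chain name to icmp_rules to change that.

# 0 Echo Reply, 3 Destination Unreachable, 11 Time Exceeded, 12 Parameter Problem
ALLOWED_ICMP_TYPES="0 3 11 12"

# Print the iptables commands for the policy, one per line.
icmp_rules() {
    chain="${1:-INPUT}"
    for t in $ALLOWED_ICMP_TYPES; do
        echo "iptables -A $chain -p icmp --icmp-type $t -j ACCEPT"
    done
    # Every other type, including source quench (type 4), is dropped.
    # No LOG rule precedes the DROP, so these packets are not logged.
    # Echo Request (type 8) is not on the list, so the host will not answer pings.
    echo "iptables -A $chain -p icmp -j DROP"
}

# Print ACCEPT or DROP for a numeric ICMP type under this policy.
icmp_verdict() {
    for t in $ALLOWED_ICMP_TYPES; do
        if [ "$t" = "$1" ]; then
            echo ACCEPT
            return 0
        fi
    done
    echo DROP
}

# Dry run by default: print the rules for review.
# Set APPLY=1 and run as root to load them.
if [ "${APPLY:-0}" = "1" ]; then
    icmp_rules "${CHAIN:-INPUT}" | sh -e
else
    icmp_rules "${CHAIN:-INPUT}"
fi
```

Rule order matters: the ACCEPT rules must come before the final DROP, which is why the generator appends them in that sequence.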