Re: port 111.

2001-04-09 Thread Ethan Benson
On Mon, Apr 09, 2001 at 12:13:23AM -0700, Tim Uckun wrote: Unless you're providing public NFS service, or some other RPC thing, then no, there's no good reason whatsoever. Good I won't be worried about blackholing them then. How about 113? I had to exempt that port because when I

Re: Packet filtering help

2001-04-09 Thread Jim Breton
On Mon, Apr 09, 2001 at 03:20:00PM -0400, Noah L. Meyerhans wrote: Ask yourself this: *Why* should ICMP be filtered? What are you gaining? Do you sleep better at night knowing that your machine won't respond to pings? It really doesn't make you any safer. What are you gaining by responding

Re: Packet filtering help

2001-04-09 Thread Paul Haesler
I went to a talk by Paul "Rusty" Russell (who maintains the firewalling code in the Linux kernel) last year. Now I don't have my notes with me so I'm just going by my highly fallible memory here, but Rusty definitely said that blocking ICMP was evil and anti-social. I can't remember the exact

Re: Packet filtering help

2001-04-09 Thread Simon Murcott
Quoting Brandon High [EMAIL PROTECTED]: I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid that I'm breaking a few RFCs doing this. One point of confusion to be aware of is that ICMP does not use ports. It has types and codes. Yes there is some ICMP that you do NOT

Re: Packet filtering help

2001-04-09 Thread Simon Murcott
Quoting Brandon High [EMAIL PROTECTED]: I'm currently allowing ICMP to and from ports 0, 3 and 8. I'm just afraid that I'm breaking a few RFCs doing this. One thing that I forgot to mention in my previous post is that it is vitally important that you block all ICMP traffic to/from your

Re: Packet filtering help

2001-04-09 Thread bounce-debian-security=archive=jab . org
On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote: One thing that I forgot to mention in my previous post is that it is vitally important that you block all ICMP traffic to/from your broadcast and network addresses. This stops you and machines you route from being broadcast

port 111.

2001-04-09 Thread Tim Uckun
I recently installed portsentry by psionic on my system. It seems like people are trying to scan port 111 pretty often. /etc/services says that this is the sunrpc port. Anytime portsentry detects a scan it adds an ipchains rule to block all traffic from that host. What I am wondering is if there

Re: sshd port config and security

2001-04-09 Thread Peter Cordes
On Mon, Apr 09, 2001 at 02:19:31AM +0100, [EMAIL PROTECTED] wrote: On Fri, Apr 06, 2001 at 11:52:29PM -0500, Vinh Truong wrote: * Jean-Marc Boursot [EMAIL PROTECTED] [010406 21:09]: They allow telnet and not ssh? Nice! yeah, afraid of the port-forwarding capabilities in ssh. i can see

Re: port 111.

2001-04-09 Thread Tim Uckun
Unless you're providing public NFS service, or some other RPC thing, then no, there's no good reason whatsoever. Good I won't be worried about blackholing them then. How about 113? I had to exempt that port because when I tried to get a CPAN module onion.valueclick.net tried to do

Packet filtering help

2001-04-09 Thread Brandon High
I've tightened my filtering rules recently, but have a few questions regarding TCP SYN packets and ICMP packets. Supposing I'm ACCEPTing on TCP ports 22, 25 and 80. I am ACCEPTing all packets for these 3 ports. I am ACCEPTing non-SYN for ports 1023 I am DENYing for all other packets. How should

Re: Packet filtering help

2001-04-09 Thread Noah L. Meyerhans
On Mon, Apr 09, 2001 at 12:05:18PM -0700, Brandon High wrote: How should ICMP packets be filtered? I was blocking them all, but I was getting a lot of traffic in my logs like: kernel: Packet log: input DENY eth1 PROTO=1 216.242.53.162:3 x.y.z.82:3 L=56 S=0x00 I=25760 F=0x T=243 (#27)

Re: Packet filtering help

2001-04-09 Thread Paul Haesler
I went to a talk by Paul Rusty Russell (who maintains the firewalling code in the Linux kernel) last year. Now I don't have my notes with me so I'm just going by my highly fallible memory here, but Rusty definitely said that blocking ICMP was evil and anti-social. I can't remember the exact

Re: Packet filtering help

2001-04-09 Thread list
On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote: One thing that I forgot to mention in my previous post is that it is vitally important that you block all ICMP traffic to/from your broadcast and network addresses. This stops you and machines you route from being broadcast

Re: Packet filtering help

2001-04-09 Thread Simon Murcott
Quoting <>: On Tue, Apr 10, 2001 at 09:59:52AM +1200, Simon Murcott wrote: One thing that I forgot to mention in my previous post is that it is vitally important that you block all ICMP traffic to/from your broadcast and network addresses. This stops you and machines you route from