Magnus Hedemark on Mon, 22 Sep 2003 22:32:20 -0400



Re: [PLUG] Firewall Check


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 22 September 2003 06:37 pm, Paul wrote:
> Request for scan:
>
> My current IP address is
>
>     68.46.172.168

All tcp, udp & rpc ports seem completely filtered.

Packets with spoofed TCP headers are also being blocked successfully.

ICMP Echo ("ping") is still passing through.  There is a lot of controversy 
over whether this is a good thing or not.  IMHO, while it does open up some 
possibility of attack, it is still a good thing.

Somewhere en route to you traceroute is being blocked.  172.30.119.149 is the 
last router in the path that responded.  It did take a path out to NYC within 
my own ISP's network before going out to Level3.net.

If you're running an iptables firewall you can specify how much of a given 
protocol you'll let in at any time ( see "--limit " in the iptables man page) 
which could help you somewhat if someone tries to flood you.  Apparently I 
can ping flood you without getting dropped.  I can also send some pretty huge 
ping packets without getting blocked.  This is definitely something to look 
at.  You might also want to take a closer look at what specific ICMP types 
you're passing, and under what conditions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)

iD8DBQE/b7CUYPuF4Zq9lvYRAlifAJsEbpSnjhDL+IECFEoPsBew/qUKCACgicdI
h7bQ+PvSxEhJM00f9v28NAE=
=FZ/+
-----END PGP SIGNATURE-----
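
As an added example that is not code from Magnus's reply or from the PLUG list, the following POSIX shell script puts the "--limit" advice above into practice for ICMP: it rate-limits inbound echo requests with the iptables "limit" match, drops oversized echo requests with the "length" match, and accepts only the ICMP types a host needs (replies and errors tied to its own traffic). The external interface name (eth0), the rate and burst values, the 1024-byte size cap, the chain name ICMP_IN and the DRY_RUN switch are all assumptions of this example; adjust them for your own box.

```shell
#!/bin/sh
# Added example, not code from the original PLUG thread: rate-limit inbound
# ICMP echo with the iptables "limit" match, drop oversized echo requests, and
# accept only the ICMP types a host needs to function.
# Assumptions (adjust for your setup): external interface eth0, a sustained
# echo-request rate of 4/second with a burst of 8, a 1024-byte cap on echo
# requests, and an iptables with the limit, length and conntrack matches.
# With DRY_RUN=1 the iptables commands are printed instead of executed, so the
# rule set can be reviewed without root.

IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}             # assumed external interface
ECHO_RATE=${ECHO_RATE:-4/second}   # sustained echo-request rate to accept
ECHO_BURST=${ECHO_BURST:-8}        # token-bucket burst before limiting kicks in
MAX_ECHO_LEN=${MAX_ECHO_LEN:-1024} # echo requests longer than this are dropped

# run: execute the command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

icmp_rules() {
    # Dedicated chain so the ICMP policy can be flushed and reloaded on its own.
    run "$IPT" -N ICMP_IN 2>/dev/null   # fails harmlessly if the chain exists
    run "$IPT" -F ICMP_IN

    # 1. Oversized echo requests ("huge ping packets"): drop them before the
    #    rate limiter so they never consume tokens from the bucket.
    run "$IPT" -A ICMP_IN -p icmp --icmp-type echo-request \
        -m length --length "$((MAX_ECHO_LEN + 1)):65535" -j DROP

    # 2. Normal echo requests: accept up to ECHO_RATE (burst ECHO_BURST), then
    #    drop. Ping stays reachable while a ping flood becomes ineffective.
    run "$IPT" -A ICMP_IN -p icmp --icmp-type echo-request \
        -m limit --limit "$ECHO_RATE" --limit-burst "$ECHO_BURST" -j ACCEPT
    run "$IPT" -A ICMP_IN -p icmp --icmp-type echo-request -j DROP

    # 3. Replies and errors tied to traffic this host originated (its own
    #    pings and traceroutes, path-MTU discovery, port-unreachable for UDP).
    run "$IPT" -A ICMP_IN -p icmp --icmp-type echo-reply \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run "$IPT" -A ICMP_IN -p icmp --icmp-type destination-unreachable \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run "$IPT" -A ICMP_IN -p icmp --icmp-type time-exceeded \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run "$IPT" -A ICMP_IN -p icmp --icmp-type parameter-problem \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # 4. Every other ICMP type (redirect, timestamp, address-mask, ...) is dropped.
    run "$IPT" -A ICMP_IN -p icmp -j DROP

    # Hook the chain into INPUT for the external interface; delete a previous
    # jump first so the script can be re-run without stacking duplicates.
    run "$IPT" -D INPUT -i "$WAN_IF" -p icmp -j ICMP_IN 2>/dev/null
    run "$IPT" -A INPUT -i "$WAN_IF" -p icmp -j ICMP_IN
}

# Usage:  sh icmp-limit.sh show   (print the rules)
#         sudo sh icmp-limit.sh apply
case "${1:-}" in
    show)  DRY_RUN=1 icmp_rules ;;
    apply) icmp_rules ;;
esac
```

Two things to keep in mind when adapting it: the "limit" match keeps one global token bucket, so a single flooder can exhaust the echo budget for everyone (the "hashlimit" match gives per-source buckets if that matters to you), and the "length" match compares the whole IP packet length, headers included, so the cap above is on the wire size rather than the ICMP payload alone.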

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug