Re: [PLUG] Firewall Check
Magnus Hedemark wrote:
On Monday 22 September 2003 06:37 pm, Paul wrote:
Request for scan:
My current IP address is
All tcp, udp & rpc ports seem completely filtered.
Packets with spoofed TCP headers are also being blocked successfully.
ICMP Echo ("ping") is still passing through. There is a lot of controversy
over whether this is a good thing or not. IMHO, while it does open up some
possibility of attack, it is still a good thing.
Somewhere en route to you traceroute is being blocked. 172.30.119.149 is the
last router in the path that responded. It did take a path out to NYC within
my own ISP's network before going out to Level3.net.
If you're running an iptables firewall you can specify how much of a given
protocol you'll let in at any time (see "--limit" in the iptables man page)
which could help you somewhat if someone tries to flood you. Apparently I
can ping flood you without getting dropped. I can also send some pretty huge
ping packets without getting blocked. This is definitely something to look
at. You might also want to take a closer look at what specific ICMP types
you're passing, and under what conditions.
How did you gather all that data?! What can ping packets or other ICMP
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
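
One way to act on the "--limit" and ICMP-type suggestions in the quoted reply, as an added example that is not part of the original thread. The chain name, rate, burst and length cap are assumed values to tune per host, and the script only prints the commands unless IPT is set to the real iptables binary.

```shell
#!/bin/sh
# Added example: ICMP handling for an iptables INPUT chain.
# Dry-run by default (prints the commands). To apply: IPT=iptables sh thisfile (as root).
IPT="${IPT:-echo iptables}"
CHAIN="ICMP_IN"        # hypothetical chain name
PING_RATE="5/second"   # assumed sustained echo-request rate
PING_BURST="10"        # assumed burst allowance before the rate applies
PING_MAXLEN="128"      # assumed largest echo-request length accepted (bytes)

icmp_policy() {
    # Dedicated chain so every ICMP decision sits in one place.
    $IPT -N "$CHAIN"
    $IPT -A INPUT -p icmp -j "$CHAIN"

    # Condition 1: ICMP that conntrack ties to traffic this host started
    # (echo replies to our own pings, errors about our own connections).
    $IPT -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Condition 2: oversized echo requests are dropped before the rate check,
    # so they never consume the allowance.
    $IPT -A "$CHAIN" -p icmp --icmp-type echo-request \
        -m length --length "$((PING_MAXLEN + 1)):65535" -j DROP

    # Condition 3: echo requests are accepted only while the limit match
    # still has tokens; once the bucket is empty this rule stops matching.
    $IPT -A "$CHAIN" -p icmp --icmp-type echo-request \
        -m limit --limit "$PING_RATE" --limit-burst "$PING_BURST" -j ACCEPT

    # Everything else, including echo requests over the rate, is dropped.
    $IPT -A "$CHAIN" -j DROP
}

icmp_policy
```

Rule order matters here: the final DROP is what enforces the limit, because the limit match by itself only decides whether its own rule matches.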