Paul on Tue, 23 Sep 2003 02:23:51 -0400


Re: [PLUG] Firewall Check

Magnus Hedemark wrote:

On Monday 22 September 2003 06:37 pm, Paul wrote:

Request for scan:

My current IP address is

All tcp, udp & rpc ports seem completely filtered.

Packets with spoofed TCP headers are also being blocked successfully.

ICMP Echo ("ping") is still passing through. There is a lot of controversy over whether this is a good thing or not. IMHO, while it does open up some possibility of attack, it is still a good thing.

Somewhere en route to you traceroute is being blocked. is the last router in the path that responded. It did take a path out to NYC within my own ISP's network before going out to

If you're running an iptables firewall you can specify how much of a given protocol you'll let in at any time (see "--limit" in the iptables man page) which could help you somewhat if someone tries to flood you. Apparently I can ping flood you without getting dropped. I can also send some pretty huge ping packets without getting blocked. This is definitely something to look at. You might also want to take a closer look at what specific ICMP types you're passing, and under what conditions.

How did you gather all that data?! What can ping packets or other ICMP attacks do?

Philadelphia Linux Users Group
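The `--limit` suggestion quoted above, written out as an added example that is not part of the original thread: a script that prints an inbound ICMP policy which rate-limits echo requests, drops oversized ones, and passes only ICMP that belongs to existing traffic. The chain name `ICMP_IN` and the default rate, burst and size cap are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate iptables rules for inbound ICMP.
# Assumed, illustrative defaults: 1 echo request per second, burst of 5,
# echo requests larger than 128 bytes (IP total length) dropped.
#
# Rule order matters:
#   1. ICMP that conntrack ties to existing traffic (echo replies to our own
#      pings, destination-unreachable, time-exceeded) is accepted.
#   2. Oversized echo requests are dropped before they can use up the limit.
#   3. Echo requests within the rate limit are accepted.
#   4. Everything else, including echo requests over the limit and any other
#      unsolicited ICMP type, is dropped.

icmp_rules() {
    rate=$1      # e.g. 1/s, 30/minute (iptables --limit syntax)
    burst=$2     # packets allowed before the rate applies
    maxlen=$3    # largest echo request accepted, in bytes

    # Refuse non-numeric burst or size so a typo cannot yield a broken rule.
    case $burst$maxlen in
        ''|*[!0-9]*) echo "burst and maxlen must be integers" >&2; return 1 ;;
    esac

    cat <<EOF
iptables -N ICMP_IN
iptables -A INPUT -p icmp -j ICMP_IN
iptables -A ICMP_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A ICMP_IN -p icmp --icmp-type echo-request -m length --length $((maxlen + 1)):65535 -j DROP
iptables -A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit $rate --limit-burst $burst -j ACCEPT
iptables -A ICMP_IN -j DROP
EOF
}

# Print the rules for review; nothing is applied to the running firewall.
icmp_rules "${RATE:-1/s}" "${BURST:-5}" "${MAXLEN:-128}"
```

After reviewing the printed rules, pipe the output to `sh` as root to load them, then check the per-rule packet counters with `iptables -L ICMP_IN -v -n` while a ping runs against the host.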