Re: [PLUG] Firewall Check
Magnus Hedemark wrote:
> On Monday 22 September 2003 06:37 pm, Paul wrote:
> > Request for scan:
> > My current IP address is
> > 68.46.172.168
>
> All tcp, udp & rpc ports seem completely filtered.
>
> Packets with spoofed TCP headers are also being blocked successfully.
>
> ICMP Echo ("ping") is still passing through. There is a lot of controversy
> over whether this is a good thing or not. IMHO, while it does open up some
> possibility of attack, it is still a good thing.
>
> Somewhere en route to you traceroute is being blocked. 172.30.119.149 is the
> last router in the path that responded. It did take a path out to NYC within
> my own ISP's network before going out to Level3.net.
>
> If you're running an iptables firewall you can specify how much of a given
> protocol you'll let in at any time (see "--limit" in the iptables man page)
> which could help you somewhat if someone tries to flood you. Apparently I
> can ping flood you without getting dropped. I can also send some pretty huge
> ping packets without getting blocked. This is definitely something to look
> at. You might also want to take a closer look at what specific ICMP types
> you're passing, and under what conditions.

How did you gather all that data?! What can ping packets or other ICMP
attacks do?
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
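
The iptables `--limit` match mentioned in the quoted reply behaves as a token bucket. The following is an added example, not part of the original thread, that models that behaviour in Python over constructed packet timings; the rate, burst and size-cap values and the rules shown in the comments are assumptions chosen for illustration.

```python
# Token-bucket model of the iptables "limit" match for ICMP echo-request.
# Rules of this shape (assumed values, not taken from the thread):
#   iptables -A INPUT -p icmp --icmp-type echo-request \
#            -m length --length 1025:65535 -j DROP
#   iptables -A INPUT -p icmp --icmp-type echo-request \
#            -m limit --limit 1/second --limit-burst 5 -j ACCEPT
#   iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

def filter_echo_requests(packets, rate_per_sec=1.0, burst=5, max_len=None):
    """packets: list of (arrival_time_s, ip_length_bytes), sorted by time.
    Returns one 'ACCEPT' or 'DROP' verdict per packet."""
    credits = float(burst)          # the bucket starts full
    last = None
    verdicts = []
    for t, length in packets:
        if last is not None:
            # Credits refill at the configured rate, capped at the burst size.
            credits = min(float(burst), credits + (t - last) * rate_per_sec)
        last = t
        if max_len is not None and length > max_len:
            verdicts.append("DROP")  # oversize rule fires before the limit rule
            continue
        if credits >= 1.0:
            credits -= 1.0           # each accepted packet spends one credit
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP")  # bucket empty: falls through to DROP
    return verdicts

# Constructed sample traffic (not captured data).
NORMAL = [(float(i), 84) for i in range(10)]      # one ping per second
FLOOD = [(i / 1000.0, 84) for i in range(500)]    # 1000 pings per second
OVERSIZE = [(0.0, 84), (1.0, 65535), (2.0, 84)]   # one huge echo request

def accepted(verdicts):
    return verdicts.count("ACCEPT")

if __name__ == "__main__":
    print("normal:", accepted(filter_echo_requests(NORMAL)), "of", len(NORMAL))
    print("flood: ", accepted(filter_echo_requests(FLOOD)), "of", len(FLOOD))
    print("oversize:", filter_echo_requests(OVERSIZE, max_len=1024))
```

Ordinary one-per-second pings all pass, while the flood gets only the initial burst through before the bucket empties.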