Ruse, Kevin KPSI on Tue, 23 Sep 2003 15:09:06 -0400
If you want to block pings, you can also do a

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Kevin Ruse
Kvaerner Philadelphia Shipyard

-----Original Message-----
From: Paul [mailto:emailme@dpagin.net]
Sent: Tuesday, September 23, 2003 2:31 PM
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Firewall Check

Magnus Hedemark wrote:

>ICMP Echo ("ping") is still passing through. There is a lot of controversy
>over whether this is a good thing or not. IMHO, while it does open up some
>possibility of attack, it is still a good thing.
>
>

What about TCP pings? I need to open up the ssh port to give scanners
something else to find!

BTW, I found that my "rules" file is letting pings through by default,
even though my "policy" file is set to block all traffic originating
from the Internet.

ACCEPT net fw icmp 8

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug