Re: DoS attack - advice needed
From: Borja Marcos (borjamar@sarenet.es)
Date: 03/23/01
- Next message: Roger Marquis: "Re: DoS attack - advice needed"
- Previous message: Olivier Nicole: "Re: DoS attack - advice needed"
- In reply to: Olivier Nicole: "Re: DoS attack - advice needed"
- Next in thread: Ronan Lucio: "Re: DoS attack - advice needed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Mar 2001 13:28:04 +0100 From: Borja Marcos <borjamar@sarenet.es> To: freebsd-security@freebsd.org
Olivier Nicole wrote:
>
> >I filter ICMP, at my router, too. I only allow incomming ICMP from source
> >ports 0, 3 & 11 and I allow all outgoing ICMP. I just do it to help security
> >not as a stop-gap measure. To get back on the original poster's questions,
>
> Why not filtering the same outgoing ports as the incoming ones? That
> would help the global Internet security/performance, by making sure no
> attack can be launched from your network.
In this case, the most important filters are those
which prevent address spoofing, making sure that every packet
leaving your networks has a source address belonging to your
network.
Borja.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Roger Marquis: "Re: DoS attack - advice needed"
- Previous message: Olivier Nicole: "Re: DoS attack - advice needed"
- In reply to: Olivier Nicole: "Re: DoS attack - advice needed"
- Next in thread: Ronan Lucio: "Re: DoS attack - advice needed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
