RE: protecting DHCP servers
From: Ben Boulanger (ben@blackavar.com)Date: 05/21/02
- Previous message: Brian: "RE: protecting DHCP servers"
- In reply to: Brian: "RE: protecting DHCP servers"
- Next in thread: Matt.Carpenter@alticor.com: "Re: protecting DHCP servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 May 2002 12:30:21 -0400 (EDT) From: Ben Boulanger <ben@blackavar.com> To: focus-linux@securityfocus.com
On Mon, 20 May 2002, Brian wrote:
> I generally create a 'sanity' chain on my input ruleset that gets run
> first. It would look something like this:
>
> A few notes on how you might elaborate on this: fix the 224 netmask, add
> some limits to prevent ping/syn/whatever floods (do something like
> 'iptables -p icmp -m limit -j ACCEPT;iptables -p icmp -j DROP').
This is an excellent idea! I love it. I wish I had thought of it! If
you have the ability (and it's not private information) would you be
willing to share that chain's rules?
Ben
--To be wronged is nothing unless you continue to remember it. ~ Confucius
- Previous message: Brian: "RE: protecting DHCP servers"
- In reply to: Brian: "RE: protecting DHCP servers"
- Next in thread: Matt.Carpenter@alticor.com: "Re: protecting DHCP servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
