RE: protecting DHCP servers

From: Ben Boulanger (ben@blackavar.com)
Date: 05/21/02


Date: Tue, 21 May 2002 12:30:21 -0400 (EDT)
From: Ben Boulanger <ben@blackavar.com>
To: focus-linux@securityfocus.com

On Mon, 20 May 2002, Brian wrote:
> I generally create a 'sanity' chain on my input ruleset that gets run
> first. It would look something like this:
>
> A few notes on how you might elaborate on this: fix the 224 netmask, add
> some limits to prevent ping/syn/whatever floods (do something like
> 'iptables -p icmp -m limit -j ACCEPT;iptables -p icmp -j DROP').

This is an excellent idea! I love it. I wish I had thought of it! If
you have the ability (and it's not private information) would you be
willing to share that chain's rules?

Ben

-- 

To be wronged is nothing unless you continue to remember it. ~ Confucius



Relevant Pages

  • Re: Has there ever been a uk.transport meet?
    ... Brian wrote: ... I am not volunteering to organise one, ... I value what is left of my sanity too much. ...
    (uk.transport)
  • Re: [OT] Need Computer Geek Advice
    ... Not really, Brian. ... There are small adjustments you can make to lots of ... Brian mentioned Thunderbird in his original post which you may not ...
    (alt.guitar.bass)
  • Re: OT - Latest Virginmedia scandal
    ... only to be out-porkied by the next liar in the chain. ... 73 de Wlat ... Quite amazing really how he can defend this terrible rotten company ... I think that Brian has some sort of empathy with them... ...
    (uk.radio.amateur)
  • Re: [OT] Need Computer Geek Advice
    ... don't you have anything better to do than to yank my ... Not really, Brian. ... There are small adjustments you can make to lots of ...
    (alt.guitar.bass)
  • Re: [OT] Need Computer Geek Advice
    ... don't you have anything better to do than to yank my ... Not really, Brian. ... There are small adjustments you can make to lots of ...
    (alt.guitar.bass)