Re: How to get rid of spoofed IP-Address responses
From: jon schatz (jon@divisionbyzero.com)Date: 05/24/02
- Previous message: Jay Beale: "Re: Linux Hardening"
- In reply to: Patrick Morris: "Re: How to get rid of spoofed IP-Address responses"
- Next in thread: Seth Arnold: "Re: How to get rid of spoofed IP-Address responses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: jon schatz <jon@divisionbyzero.com> To: Patrick Morris <pmorris@wilshire.com> Date: 24 May 2002 13:25:02 -0700
On Fri, 2002-05-24 at 09:09, Patrick Morris wrote:
> The best defense against this sort of thing is to block all incoming
> traffic to your servers on ports > 1024. For machines acting strictly
> as servers, in most cases they shouldn't be getting high-port traffic
> anyway.
just to clarify, don't you mean:
"..block all traffic with the SYN flag set to your servers on ports >
1024"?
otherwise, most servers would not run correctly.
-jon
-- jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Jay Beale: "Re: Linux Hardening"
- In reply to: Patrick Morris: "Re: How to get rid of spoofed IP-Address responses"
- Next in thread: Seth Arnold: "Re: How to get rid of spoofed IP-Address responses"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
