Re: CAN-2004-1137

From: Blizbor (tb670725_at_ima.pl)
Date: 01/05/05

    Date: Wed, 05 Jan 2005 18:40:25 +0100
    To: focus-linux@securityfocus.com
    
    

    Hi,

    >> Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my machine
    >> from remote attacks ?.
    Theoretically - yes. But practically - no. Why?
    Main idea is: do not allow any explicitly necessary traffic. In my opinion
    as necessary you can count protocols tcp, udp and icmp. Other upon request
    or after detecting that somebody is trying to use them. Especially AH and
    ESP. "All other" protocols are used very rarely and mainly by the network
    infrastructure.
    Conclusion is: why allow "all other" traffic if all infrastructure is yours
    and you know that none of the other protocols are in use?
    So my answer is - no, because you are closing one hole after its
    exploitation. All other holes are still wide open. This can't be called
    "*wall" ;).

    Regards,
    Blizbor
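
The contrast drawn in the reply above (one protocol rejected under an ACCEPT policy versus a default-deny INPUT chain) can be checked against `iptables-save` output. This is an added example, not part of the original message: `proto_exposure`, `weak_rules` and `strict_rules` are hypothetical names, both rule sets are constructed samples, and GRE is included only as one more "other" protocol to probe.

```shell
#!/bin/sh
# Added example (not from the original post). Reads iptables-save text on stdin
# and reports, per IP protocol, whether remote traffic can pass the INPUT chain.
# Simplifications: filter table only, protocol names only (no numbers), no
# user-defined chains; negated matches ("!") are counted as possibly matching.
proto_exposure() {
    awk -v probes="$1" '
    $1 == "*filter" { in_filter = 1; next }
    $1 == "COMMIT"  { in_filter = 0; next }
    in_filter && $1 == ":INPUT" { policy = $2; next }
    in_filter && $1 == "-A" && $2 == "INPUT" {
        proto = "all"; target = ""; cond = 0; lo = 0; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { proto = tolower($(i + 1)); i++ }
            else if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-i" && $(i + 1) == "lo") { lo = 1; i++ }
            else if ($i == "!") neg = 1
            else cond = 1
        }
        if (lo) next                      # loopback-only rule, not remote
        if (neg) { proto = "all"; cond = 1 }
        n++; P[n] = proto; T[n] = target; C[n] = cond
    }
    END {
        k = split(probes, probe, " ")
        for (j = 1; j <= k; j++) {
            verdict = (policy == "ACCEPT") ? "open" : "blocked"
            for (r = 1; r <= n; r++) {
                if (P[r] != "all" && P[r] != probe[j]) continue
                if (T[r] == "ACCEPT") { verdict = "open"; break }
                if ((T[r] == "DROP" || T[r] == "REJECT") && !C[r]) { verdict = "blocked"; break }
            }
            print probe[j] "=" verdict
        }
    }'
}
# Constructed sample: only the rule from the question, default policy ACCEPT.
weak_rules() { printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -p igmp -j REJECT --reject-with icmp-port-unreachable' 'COMMIT'; }
# Constructed sample: policy DROP, only tcp, udp and icmp let in.
strict_rules() { printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -i lo -j ACCEPT' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p udp -j ACCEPT' '-A INPUT -p icmp -j ACCEPT' 'COMMIT'; }

echo "question's rule only:"; weak_rules | proto_exposure "tcp udp icmp igmp esp ah gre"
echo "default deny:"; strict_rules | proto_exposure "tcp udp icmp igmp esp ah gre"
```

On a live host the same function can be fed the real rule set with `iptables-save | proto_exposure "tcp udp icmp igmp esp ah gre"`.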

