Re: Which port to block for ping, and how?
From: Anthony Campbell (me_at_privacy.net)
Date: 19 Dec 2003 20:10:22 GMT
On 2003-12-19, Tim Haynes <firstname.lastname@example.org> wrote:
> Anthony Campbell <email@example.com> writes:
>>> The same goes for the destination-unreachable and time-exceeded rules;
>>> they're all consumed within RELATED. There's no reason why you should
>>> accept them as new from random hosts; for all I know, opening yourself
>>> up to destination-unreachable packets means you'll have to handle them
>>> as part of a DoS.
>> I suppose my problem is not knowing how much I am achieving at present in
>> terms of protection (reflection of my ignorance, obviously).
> Blocking everything apart from stuff you ask for. That's the normal way
>> I'm rather perturbed by the failure to block pinging; it seems to mean I
>> ought to do something more, but what?
> No, it means you should check what you've got open that's allowing it,
> because the default is to drop everything.
I just closed everything but ping still gets through:
ac:~:$ sudo nmap localhost
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-19 20:08 GMT
All 1657 scanned ports on localhost (127.0.0.1) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 2.333 seconds
-- 
Using Linux GNU/Debian - Windows-free zone
http://www.acampbell.org.uk (book reviews and articles)
Email: replace "www." with "ac@"
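The exchange above turns on two points that are easy to miss: the ICMP error types Tim mentions (destination-unreachable, time-exceeded) quote the headers of the packet that triggered them, so connection tracking can tie them to an existing flow and mark them RELATED, which is why they need no NEW rule of their own; and an nmap run against localhost is a TCP port scan, so its "all closed" result says nothing about whether ICMP echo-requests are being answered. The following is an added illustration, not code from the thread or from netfilter: a toy connection tracker with a single flow table, and the default-DROP/accept-ESTABLISHED,RELATED policy under discussion, run over a constructed packet sequence. All addresses, ports and echo identifiers are made up for the example.

```python
"""Toy model of Linux connection-tracking state for ICMP traffic.

Added illustration, not code from the original thread or from netfilter
itself. Conntrack is reduced to a set of known flow tuples so that the
classification of ICMP errors (RELATED when they quote a flow we opened,
INVALID otherwise), of unsolicited echo-requests (NEW) and of replies to our
own pings (ESTABLISHED) can be shown against a default-DROP INPUT policy.
"""
from dataclasses import dataclass
from typing import Optional

# ICMP type numbers from RFC 792
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
ICMP_ERROR_TYPES = {DEST_UNREACH, TIME_EXCEEDED}


@dataclass(frozen=True)
class Flow:
    """Connection key. For ICMP echo the model keeps the echo identifier in
    sport and swaps it like a port on the reply (a simplification)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


@dataclass
class Packet:
    flow: Flow
    icmp_type: Optional[int] = None
    quoted: Optional[Flow] = None   # original flow carried inside an ICMP error


class ConnTracker:
    """Minimal stand-in for nf_conntrack: one set of flows we have seen leave."""

    def __init__(self) -> None:
        self.table: set[Flow] = set()

    def outbound(self, pkt: Packet) -> None:
        """Our own traffic leaving the box creates a conntrack entry."""
        self.table.add(pkt.flow)

    def classify(self, pkt: Packet) -> str:
        """State of an inbound packet: ESTABLISHED, RELATED, NEW or INVALID."""
        if pkt.icmp_type in ICMP_ERROR_TYPES:
            # An ICMP error is RELATED iff the flow it quotes is one we know.
            if pkt.quoted is not None and pkt.quoted in self.table:
                return "RELATED"
            return "INVALID"
        if pkt.flow.reverse() in self.table:
            return "ESTABLISHED"
        return "NEW"


def input_chain_verdict(state: str, pkt: Packet) -> str:
    """The ruleset under discussion: default DROP, accept only what we asked for."""
    if pkt.flow.dst == "127.0.0.1":           # -i lo -j ACCEPT
        return "ACCEPT"
    if state in ("ESTABLISHED", "RELATED"):   # --state ESTABLISHED,RELATED -j ACCEPT
        return "ACCEPT"
    return "DROP"                             # -P INPUT DROP


def run_scenario() -> dict[str, str]:
    """Constructed packet sequence; returns the INPUT verdict for each inbound packet."""
    ct = ConnTracker()
    verdicts: dict[str, str] = {}

    # 1. We send a DNS query; conntrack records the flow.
    dns = Flow("udp", "192.0.2.10", 40000, "198.51.100.53", 53)
    ct.outbound(Packet(dns))

    # 2. A router answers with port-unreachable quoting our query: RELATED.
    unreach = Packet(Flow("icmp", "198.51.100.1", 0, "192.0.2.10", 0),
                     icmp_type=DEST_UNREACH, quoted=dns)
    verdicts["dest-unreachable for our query"] = input_chain_verdict(ct.classify(unreach), unreach)

    # 3. Same error type, but quoting a flow we never opened: INVALID, dropped.
    bogus = Packet(Flow("icmp", "203.0.113.7", 0, "192.0.2.10", 0),
                   icmp_type=DEST_UNREACH,
                   quoted=Flow("tcp", "192.0.2.10", 5555, "203.0.113.7", 80))
    verdicts["dest-unreachable for unknown flow"] = input_chain_verdict(ct.classify(bogus), bogus)

    # 4. Unsolicited echo-request from a random host: NEW, dropped by policy.
    ping_in = Packet(Flow("icmp", "203.0.113.7", 1234, "192.0.2.10", 0), icmp_type=ECHO_REQUEST)
    verdicts["unsolicited echo-request"] = input_chain_verdict(ct.classify(ping_in), ping_in)

    # 5. Our own ping out, then the reply back: ESTABLISHED, accepted.
    ping_out = Flow("icmp", "192.0.2.10", 77, "198.51.100.53", 0)
    ct.outbound(Packet(ping_out, icmp_type=ECHO_REQUEST))
    reply = Packet(ping_out.reverse(), icmp_type=ECHO_REPLY)
    verdicts["echo-reply to our ping"] = input_chain_verdict(ct.classify(reply), reply)

    return verdicts


if __name__ == "__main__":
    for what, verdict in run_scenario().items():
        print(f"{what:40s} {verdict}")
```

Running the script prints ACCEPT for the unreachable quoting our own query and for the reply to our own ping, and DROP for the unsolicited echo-request and for the unreachable that references no known flow. The practical check the thread is after is therefore not a TCP port scan but an ICMP echo from another host (or a look at the counters on the INPUT chain) while the RELATED rule is the only thing admitting ICMP.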