[?!?] TTL Attacks can halt IPTAbles ?

From: Dr. Chandra (drchandra_at__LOSE-SP4M_pandora.be)
Date: 06/24/04


Date: Thu, 24 Jun 2004 18:46:41 GMT

Hi,

I've run my Debian iptables firewall for quite some time now. Today I had
it *tested* by http://www.pcflank.com, running every test I could find, and
surely there it was: *proof* my machine is secure (enough) to the average
attacker.

Now I DID notice there are some abrupt halts in the network availability
which do NOT come around by themselves. As such I gave more attention to my
firewall box.

I was quite baffled to see a single IGMP packet with a TTL of about 10
minutes halt my network; at least that's my conclusion for now.
# /etc/init.d/networking restart
is all I can do to re-establish network traffic.

For now I'm using hlfl to easily configure my firewall, but this apparent
IGMP/TTL issue has left me wondering what to do next. The IP originating
this packet is an ISP mission-critical machine's IP, so I'm not going to
block this since it's probably running a DNS server or something.

Any good / sound suggestions?

-- 
Best Regards,
 Dr. Chandra