[oclug] Check out this log
Jon Earle
je_oclug at kronos.honk.org
Thu Nov 20 14:45:17 EST 2003
On Thu, 20 Nov 2003, Brad Barnett wrote:
> On Thu, 20 Nov 2003 09:46:43 -0500 (EST)
> Robert Brockway <robert at timetraveller.org> wrote:
>
> > Ooooh, blocking _all_ ICMP is a bad bad thing. Lots of people do it
> > though :(
>
> Yes, hence my "protectionist methods to the extreme" bit above. ;)

I don't block all ICMP, but there's likely no good reason to allow ping
requests to the server. Since iptables can filter ICMP based on specific
code/type pairs, why not exploit that to protect your box by only allowing
"good" ICMP packets and blocking the rest?

> Second, nothing he does at his firewall is going to help him one bit,
> perhaps with the exception of just dropping any such connections, and
> saving upstream bandwidth for replies. Still, downstream is traditionally
> used more by end users, and this worm is not designed to take the user
> offline by destroying upstream bandwidth either.

Still, I'm interested in what my ISP should be doing. I implemented the
same logging on kronos and indeed, turned up the same traffic, though
nowhere near as extensive. It appears to be limited (on kronos) to Magma
connected clients only. My home gateway though, is accepting packets from
anywhere. Thus... are there any good suggestions for what the ISP should
be blocking to minimize the traffic on their network?

--
Jon Earle
SAVE FARSCAPE http://www.savefarscape.com/
Vegetarian - an old Indian word meaning 'lousy hunter'.
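
Added example, not part of the original message: a sketch of the per-type ICMP filtering described above, written as a shell function that prints an iptables-restore fragment. The chain name `ICMP_IN`, the allowlist, the rate limit and the log prefix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Print an iptables-restore fragment that accepts a short allowlist of
# inbound ICMP types and logs, then drops, every other ICMP packet.
# Assumed for this example: chain name, allowlist, log prefix, rate limit.

# destination-unreachable covers fragmentation-needed (type 3, code 4),
# which path MTU discovery depends on; that is the usual casualty of
# blocking all ICMP. echo-request is left out on purpose, so pings to
# the host fall through to the final DROP.
ICMP_ALLOW="echo-reply destination-unreachable time-exceeded parameter-problem"

icmp_rules() {
    chain="${1:-ICMP_IN}"
    echo "*filter"
    # Declare the user-defined chain and send all inbound ICMP to it.
    echo ":$chain - [0:0]"
    echo "-A INPUT -p icmp -j $chain"
    for t in $ICMP_ALLOW; do
        echo "-A $chain -p icmp --icmp-type $t -j ACCEPT"
    done
    # Rate-limited logging so a flood of pings does not fill the logs.
    echo "-A $chain -m limit --limit 6/min -j LOG --log-prefix \"icmp-drop: \""
    echo "-A $chain -j DROP"
    echo "COMMIT"
}

# Running the script only prints the rules; nothing is loaded.
icmp_rules "$@"
```

Review the printed rules before loading them, for example with `iptables-restore --noflush` so the rest of the filter table is left in place.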