[TriLUG] Was Return of BZFlag - Now ICMP

Ryan Leathers ryan.leathers at globalknowledge.com
Thu Jun 9 12:25:48 EDT 2005


Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP 
abuses?
I used to prohibit ICMP at my network edge until I discovered the 
virtues of CAR, allowing enough traffic for helpful testing but shutting 
down sources who send too much too often.

Here is an example of how to use CAR on a Cisco router to control ICMP:
interface xy
 rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
access-list 2020 permit icmp any any echo-reply

If someone could point out how to achieve this kind of thing in 
iptables or using some other fancy package I'd be most grateful.

Tanner Lovelace wrote:

>On 6/7/05, Ben Pitzer <bpitzer at gmail.com> wrote:
>
>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
>>echo on the server?
>>
>>-Ben
>
>I've gone back and forth on this having done it one way or the
>other for several years now and I'm not actually convinced
>it buys you that much more security.  Yes, I know you can
>tunnel a shell through ICMP, but by turning it off you lose
>what can be a valuable debugging tool.  So, I guess it
>just boils down to what you're willing to trade off.
>
>Cheers,
>Tanner
>  
>
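
One way to approximate the CAR policy above with iptables, added here as an example and not part of the original message or any reply to it. The interface name eth0, the FORWARD chain and the 84-byte average packet size are assumptions; the rate and burst figures are the ones from the CAR line.

```shell
#!/bin/sh
# Added example: approximate "3000000 bit/s, 512000-byte burst, echo-reply
# only" with the iptables limit match. limit counts packets, not bytes, so
# an average packet size is assumed (84 bytes = 20 IP + 8 ICMP + 56 data,
# the default ping size). Treat the result as an approximation of CAR.

RATE_BPS=3000000      # from the CAR line in the message
BURST_BYTES=512000    # normal burst from the CAR line
PKT_BYTES=84          # assumption, see above

# bits/s -> packets/s for the assumed packet size
rate_pps() { echo $(( $1 / 8 / $2 )); }

# burst bytes -> burst packets for the assumed packet size
burst_pkts() { echo $(( $1 / $2 )); }

# Print the two rules for one chain and outgoing interface.
# Rule 1 accepts echo-replies while the bucket has tokens
# (conform-action transmit); rule 2 drops the rest (exceed-action drop).
icmp_policer_rules() {
    chain=$1
    iface=$2
    pps=$(rate_pps "$RATE_BPS" "$PKT_BYTES")
    burst=$(burst_pkts "$BURST_BYTES" "$PKT_BYTES")
    echo "iptables -A $chain -o $iface -p icmp --icmp-type echo-reply" \
         "-m limit --limit ${pps}/second --limit-burst $burst -j ACCEPT"
    echo "iptables -A $chain -o $iface -p icmp --icmp-type echo-reply -j DROP"
}

# Dry run by default: print the rules. "apply" runs them (needs root).
# FORWARD covers routed traffic; use OUTPUT for replies the box itself sends.
main() {
    rules=$(icmp_policer_rules FORWARD "${IFACE:-eth0}")
    if [ "${1:-}" = "apply" ]; then
        echo "$rules" | while read -r rule; do $rule; done
    else
        echo "$rules"
    fi
}
main "$@"
```

This keeps one bucket for the whole interface, as the CAR line does. For one bucket per source address, the hashlimit match with --hashlimit-mode srcip can take the place of limit.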
