[TriLUG] Was Return of BZFlag - Now ICMP

Jason Tower jason at cerient.net
Thu Jun 9 12:37:45 EDT 2005


http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article&sid=171

several icmp examples are in the text

jason

> Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP
> abuses?
> I used to prohibit ICMP at my network edge until I discovered the
> virtues of CAR, allowing enough traffic for helpful testing but shutting
> down sources who send too much too often.
>
> Here is an example of how to use CAR on a Cisco router to control ICMP:
> interface xy
>  rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
> access-list 2020 permit icmp any any echo-reply
>
> If someone could point out how to achieve this kind of thing in IP
> tables or using some other fancy package I'd be most grateful.
>
> Tanner Lovelace wrote:
>
>>On 6/7/05, Ben Pitzer <bpitzer at gmail.com> wrote:
>>
>>
>>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
>>>echo on the server?
>>>
>>>-Ben
>>>
>>>
>>
>>I've gone back and forth on this having done it one way or the
>>other for several years now and I'm not actually convinced
>>it buys you that much more security.  Yes, I know you can
>>tunnel a shell through ICMP, but by turning it off you lose
>>what can be a valuable debugging tool.  So, I guess it
>>just boils down to what you're willing to trade off.
>>
>>Cheers,
>>Tanner
>>
>>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
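
An added example, not part of the original thread: one way to approximate the quoted CAR policy with netfilter, using `hashlimit` for a per-source echo-request budget and `limit` for echo-reply and ICMP error types. Both modules count packets here, whereas the CAR figures are bits per second and burst bytes, so the rates below are assumed values rather than translations; the chain name and the `dry` helper are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name, rates and bursts are assumed values.
IPT="${IPT:-iptables}"              # IPT=dry prints the rules instead of applying them
CHAIN="${CHAIN:-ICMP_LIMIT}"        # hypothetical chain name
SRC_RATE="${SRC_RATE:-5/second}"    # per-source echo-request budget (assumed)
SRC_BURST="${SRC_BURST:-10}"
AGG_RATE="${AGG_RATE:-100/second}"  # budget per ICMP type for replies and errors (assumed)
AGG_BURST="${AGG_BURST:-200}"

dry() { printf 'iptables %s\n' "$*"; }

# Accept only N/second|minute|hour|day so a typo cannot silently change the policy.
valid_rate() {
    case "${1%%/*}" in ''|*[!0-9]*) return 1 ;; esac
    case "${1#*/}" in second|minute|hour|day) return 0 ;; *) return 1 ;; esac
}

icmp_limit_rules() {
    valid_rate "$SRC_RATE" && valid_rate "$AGG_RATE" || { echo "bad rate" >&2; return 1; }
    "$IPT" -N "$CHAIN" || return 1
    # Per-source bucket: each sender gets its own echo-request allowance, so
    # normal ping testing works while a source that sends too much is dropped.
    "$IPT" -A "$CHAIN" -p icmp --icmp-type echo-request \
        -m hashlimit --hashlimit-name icmp_echo --hashlimit-mode srcip \
        --hashlimit-upto "$SRC_RATE" --hashlimit-burst "$SRC_BURST" -j ACCEPT || return 1
    "$IPT" -A "$CHAIN" -p icmp --icmp-type echo-request -j DROP || return 1
    # echo-reply mirrors access-list 2020; the error types keep traceroute and
    # path MTU discovery working. Each rule has its own bucket; excess packets
    # and all other ICMP types fall through to the rest of the ruleset.
    for t in echo-reply destination-unreachable time-exceeded parameter-problem; do
        "$IPT" -A "$CHAIN" -p icmp --icmp-type "$t" \
            -m limit --limit "$AGG_RATE" --limit-burst "$AGG_BURST" -j ACCEPT || return 1
    done
    # Send locally destined and routed ICMP through the chain.
    for hook in INPUT FORWARD; do
        "$IPT" -A "$hook" -p icmp -j "$CHAIN" || return 1
    done
}

# Nothing is applied unless the script is invoked with "apply" (needs root).
if [ "${1:-}" = "apply" ]; then icmp_limit_rules; fi
```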




