[TriLUG] Was Return of BZFlag - Now ICMP
Ryan Leathers
ryan.leathers at globalknowledge.com
Thu Jun 9 13:35:57 EDT 2005
perfect - thanks Jason
Jason Tower wrote:
>http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article
>&sid=171
>
>several icmp examples are in the text
>
>jason
>
>>Anyone know if there is a Linux equivalent of Cisco CAR to control
>
>ICMP
>
>>abuses?
>>I used to prohibit ICMP at my network edge until I discovered the
>>virtues of CAR, allowing enough traffic for helpful testing but
>
>shutting
>
>>down sources who send too much too often.
>>
>>Here is an example of how to use CAR on a Cisco router to control
>
>ICMP:
>
>>interface xy
>> rate-limit output access-group 2020 3000000 512000 786000
>
>conform-action
>
>>transmit exceed-action drop
>>access-list 2020 permit icmp any any echo-reply
>>
>>If someone could point out how to achieve this kind of thing in IP
>>tables or using some other fancy package I'd be most grateful.
>>
>>Tanner Lovelace wrote:
>>
>>>On 6/7/05, Ben Pitzer <bpitzer at gmail.com> wrote:
>>>
>>>
>>>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
>>>>echo on the server?
>>>>
>>>>-Ben
>>>>
>>>>
>>>I've gone back and forth on this having done it one way or the
>>>other for several years now and I'm not actually convinced
>>>it buys you that much more security. Yes, I know you can
>>>tunnel a shell through ICMP, but by turning it off you lose
>>>what can be a valuable debugging too. So, I guess it
>>>just boils down to what you're willing to trade off.
>>>
>>>Cheers,
>>>Tanner
>>>
>>>
>>--
>>TriLUG mailing list :
>
>http://www.trilug.org/mailman/listinfo/trilug
>
>>TriLUG Organizational FAQ : http://trilug.org/faq/
>>TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>
>
>
More information about the TriLUG
mailing list