Re: [nsp] icmp blocking

From: fingers (fingers@fingers.co.za)
Date: Thu Mar 28 2002 - 02:39:19 EST

Next message: Stephen Gill: "RE: [nsp] icmp blocking"
Previous message: Birsen Ozturk: "[nsp] icmp blocking"
In reply to: Birsen Ozturk: "[nsp] icmp blocking"
Next in thread: Gert Doering: "Re: [nsp] icmp blocking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

> I was looking for information about denying ICMP packets accross the
> backbone. What is the efficient/reccomended way of doing it? What are the
> drawbacks and maybe workarounds? I feel like if the backbone devices are
> open to ICMP they are vulnerable to DoS attacks. Any idea/reccomendation
> is welcome.

You may wish to think about rate-limiting it instead of denying it
outright.

Regards

--Rob

Next message: Stephen Gill: "RE: [nsp] icmp blocking"
Previous message: Birsen Ozturk: "[nsp] icmp blocking"
In reply to: Birsen Ozturk: "[nsp] icmp blocking"
Next in thread: Gert Doering: "Re: [nsp] icmp blocking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:38 EDT