Re: [nsp] Re: Router tunneling?!

From: Michael Shields (shields@crosslink.net)
Date: Fri Mar 13 1998 - 17:13:59 EST


In article <Pine.LNX.3.96.980313161258.9962Q-100000@industry.idirect.com>,
jlixfeld@idirect.ca wrote:
> Hey! I like that!! I could call that a firewall! I'd change it though.
> I'd actually filter out ICMP to the router itself or to a certain C or two
> which house critical machines and terminal servers.

Don't filter out all ICMP; you'll break things in sometimes subtle
ways. If you want to break traceroute, do so without breaking path
MTU discovery, port unreachable, &c.

> This will 1)
> Externally make us invisible past our fictional border router that I'm
> trying to convince my boss to get, and 2) Stop denial of service attacks
> on key machines and stuff.

I don't think this will stop DOS attacks.

-- 
Shields, CrossLink.
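
Added example, not part of the original message: a small Python model of the two filtering choices discussed above, run over constructed ICMP messages. It compares a blanket ICMP drop with a filter that drops only time exceeded (the replies traceroute collects from each hop). The function names, the sample messages and the 1400-byte MTU are assumptions made for illustration.

```python
import struct

# ICMP (type, code) pairs named in the message above; numbers per RFC 792 / RFC 1191.
FRAG_NEEDED = (3, 4)      # path MTU discovery depends on this
PORT_UNREACH = (3, 3)     # tells a sender the UDP port is closed
TIME_EXCEEDED = (11, 0)   # what traceroute collects from each hop

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: int = 0, payload: bytes = b"") -> bytes:
    """Construct a sample ICMP message (test input, not captured traffic)."""
    hdr = struct.pack("!BBHI", icmp_type, code, 0, rest)
    return struct.pack("!BBHI", icmp_type, code, checksum(hdr + payload), rest) + payload

def parse(msg: bytes):
    """Return (type, code, next_hop_mtu or None); reject short or corrupt input."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("malformed ICMP message")
    icmp_type, code, _, rest = struct.unpack("!BBHI", msg[:8])
    mtu = rest & 0xFFFF if (icmp_type, code) == FRAG_NEEDED else None
    return icmp_type, code, mtu

def deny_all(msg: bytes) -> bool:
    """The blanket filter: every ICMP message is dropped."""
    parse(msg)
    return False

def selective(msg: bytes) -> bool:
    """Drop time exceeded only; everything else, including type 3, passes."""
    icmp_type, code, _ = parse(msg)
    return (icmp_type, code) != TIME_EXCEEDED

def surviving(policy, messages: dict) -> list:
    """Names of the sample messages a policy lets through."""
    return [name for name, msg in messages.items() if policy(msg)]

SAMPLES = {  # constructed messages; payload stands in for the quoted IP header
    "frag-needed": build(3, 4, rest=1400, payload=b"\x45" + b"\x00" * 27),
    "port-unreachable": build(3, 3, payload=b"\x45" + b"\x00" * 27),
    "time-exceeded": build(11, 0, payload=b"\x45" + b"\x00" * 27),
}
```

Under `deny_all` the fragmentation-needed message carrying the next-hop MTU never reaches the sender, which is the path MTU discovery breakage the reply warns about.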


