[j-nsp] Block traceroute and Allow Ping
davidtball at gmail.com
Wed Sep 30 11:44:08 EDT 2009
If I'm not mistaken, this year's migration to DNS servers
supporting randomized source UDP ports (based on the Kaminsky thing)
may throw a wrench into some notions of filtering UDP traffic across
their network. I know we had issues with it.
2009/9/30 Stefan Fouant <sfouant at gmail.com>:
> On Wed, Sep 30, 2009 at 5:09 AM, Masood Shah <masoodshah at juniper.net> wrote:
>> If you are REALLY paranoid, you can DROP all UDP traffic and then only open
>> the ports that you have services running on. Sometimes this is easier said
>> than done though.
> I wouldn't call this paranoia. I would call this "good security posture".
> Stefan Fouant
> juniper-nsp mailing list juniper-nsp at puck.nether.net
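Added example, not part of the original thread or any poster's configuration: a small Python model of a stateless first-match UDP filter, showing how a "drop all UDP, open only service ports" policy treats DNS replies once the local resolver randomizes its source port. The addresses, port list and term names are constructed, and the fixed query port 53 stands in for a resolver that does not randomize (an assumption).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                 # inbound UDP packet as a stateless filter sees it
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Term:                   # an empty match set means "any"
    name: str
    action: str               # "accept" or "discard"
    src_nets: tuple = ()
    sports: frozenset = frozenset()
    dports: frozenset = frozenset()

    def matches(self, p):
        if self.src_nets and not any(
                ipaddress.ip_address(p.src) in ipaddress.ip_network(n)
                for n in self.src_nets):
            return False
        if self.sports and p.sport not in self.sports:
            return False
        return not self.dports or p.dport in self.dports

def evaluate(terms, p):
    """First matching term wins; nothing matching means discard."""
    for t in terms:
        if t.matches(p):
            return t.action, t.name
    return "discard", "implicit"

UPSTREAM = "192.0.2.53"       # constructed upstream DNS server
RESOLVER = "198.51.100.10"    # constructed local resolver

# "Drop all UDP, open only service ports" (DNS, NTP, SNMP as sample services)
STRICT = [Term("services", "accept", dports=frozenset({53, 123, 161})),
          Term("drop-udp", "discard")]
# Same policy plus a reply term. It is pinned to the upstream address because
# the source port is chosen by the sender and proves nothing on its own.
WITH_REPLIES = [STRICT[0],
                Term("dns-replies", "accept",
                     src_nets=(UPSTREAM + "/32",), sports=frozenset({53})),
                STRICT[1]]

def dns_reply(resolver_sport):
    """Reply to a query the local resolver sent from resolver_sport."""
    return Packet(UPSTREAM, 53, RESOLVER, resolver_sport)
```
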