[j-nsp] Block traceroute and Allow Ping

David Ball davidtball at gmail.com
Wed Sep 30 11:44:08 EDT 2009


   If I'm not mistaken, this year's migration to DNS servers
supporting randomized source UDP ports (based on the Kaminsky thing)
may throw a wrench into some notions of filtering UDP traffic across
their network.  I know we had issues with it.

David


2009/9/30 Stefan Fouant <sfouant at gmail.com>:
> On Wed, Sep 30, 2009 at 5:09 AM, Masood Shah <masoodshah at juniper.net> wrote:
>
>>
>> If you are REALLY paranoid, you can DROP all UDP traffic and then only open
>> the ports that you have services running on. Sometimes this is easier said
>> than done though.
>>
>
> I wouldn't call this paranoia.  I would call this "good security posture".
>
> --
> Stefan Fouant
>

