Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Mark Hurst <mark@...>
Subject: Re: firewall suggestions?
Date: Fri, 9 Jan 2004 17:36:51 +1100 
> Probably you think ICMP is dangerous too. There are a lot of brain dead 
> admins who blocks ICMP packets and they wonder why connections to some 
> websites are broken or if they administrate the packet filter before a 
> webserver they wonder why some user grouches they wouldn't get a 
> connection to the web server.

Ever heard of Smurf or Loki?

If you allow all ICMP in you are indeed a brain-dead admin, in my opinion.
Sure, host unreachable, DF should be allowed in, but why should an
external host be able to send timestamp or subnet requests?

--
gentoo-security@g.o mailing list
Replies:
Re: firewall suggestions?
-- Alexander Schreiber
Re: firewall suggestions?
-- Oliver Schad
References:
RE: firewall suggestions?
-- MA
Re: firewall suggestions?
-- Oliver Schad
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.