Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 16:49:17
In Reply to: Re: [gentoo-security] firewall suggestions? by Ryan Voots
Am Donnerstag, 8. Januar 2004 17:06 schrieb mir Ryan Voots:
> On Thu, 8 Jan 2004 16:17:49 +0100 > > "Oliver Schad" <o.schad@×××.de> Add to Address Book wrote: > > Probably you think ICMP is dangerous too. There are a lot of brain > > dead admins who blocks ICMP packets and they wonder why connections > > to some websites are broken or if they administrate the packet filter > > before a webserver they wonder why some user grouches they wouldn't > > get a connection to the web server. > > thats one reason i don't block it, some services and things use it to > look for hosts that are up, what i wish i could do is some type of > limit where it would only send replies to them at a certain rate, just > so that a ping -f on 12 machines to my machine wouldn't cause a huge > bandwidth surge from my machine.
A limit is a good way to protect from DDOS. mfg Oli -- gentoo-security@g.o mailing list