Date:      Tue, 17 Sep 1996 11:52:05 -0700 (PDT)
From:      Michael Dillon <michael@memra.com>
To:        inet-access@earth.com
Cc:        iap@vma.cc.nd.edu, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject:   Livingston source spoofed SYN filters
Message-ID:  <Pine.BSI.3.93.960917114929.15605J-100000@sidhe.memra.com>


---------- fragment of a message  ----------

> 	permit 1.2.3.4/20 tcp
> 	permit 1.2.3.4/20 udp
> 	permit 1.2.3.4/20 icmp

Actually, a single "permit 1.2.3.4/20" line will do.  In Livingston
command line syntax:

	set filter internet.out 1 permit 1.2.3.4/20

> rest of the filter.  This is optional.  Keep in mind that the panix
> attack would probably have flooded your syslog machine's disk space
> with syslog info in this case.  Hardening that is an issue for another day,
> however.

Logging denies will fill up your log anyway.  Packets arriving for a
dialup user after he/she hangs up fall through to the default route
back out of the box.  They are then _outbound_ packets with source
address off the network and destination address on the network.

Dialup providers who want to log denies based on a source address
being on their network should have a preceding unlogged deny based on
the destination address being on their network:

	set filter internet.out 1 permit 1.2.3.4/20
	set filter internet.out 2 deny 0.0.0.0/0 1.2.3.4/20
	set filter internet.out 3 deny log
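The ordering point in the message above, as an added example that is not part of Michael Dillon's e-mail or of any Livingston software: a small Python model of the three-rule `internet.out` filter, evaluated first-match-wins (assumed to be the PortMaster semantics) over constructed outbound packets. It shows that with rule 2 in place, the hangup fall-through packets (source off the network, destination on it) are dropped silently, while only genuinely spoofed-source packets reach the logged deny; with rule 2 removed, the fall-through traffic lands in the log too. The prefix `1.2.3.4/20` is the placeholder from the message and the sample addresses are constructed.

```python
import ipaddress

# Placeholder prefix from the message; ipaddress normalises it to 1.2.0.0/20.
OUR_NET = ipaddress.ip_network("1.2.3.4/20", strict=False)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each rule: (action, source prefix, destination prefix, log?).
# Evaluated in order, first match wins (assumed PortMaster semantics).
FILTER_INTERNET_OUT = [
    ("permit", OUR_NET, ANY,     False),  # 1: traffic sourced from our own net may leave
    ("deny",   ANY,     OUR_NET, False),  # 2: hung-up dialup fall-through, dropped silently
    ("deny",   ANY,     ANY,     True),   # 3: anything else is a spoofed source: log it
]

# The same filter without the unlogged deny, to show why rule 2 matters.
WITHOUT_RULE_2 = [FILTER_INTERNET_OUT[0], FILTER_INTERNET_OUT[2]]

# Constructed outbound packets: (source, destination).
SAMPLE_PACKETS = [
    ("1.2.5.9",     "198.51.100.7"),  # legitimate customer traffic
    ("203.0.113.5", "1.2.8.1"),       # reply to a user who already hung up
    ("203.0.113.5", "1.2.9.2"),       # another fall-through packet
    ("10.0.0.1",    "198.51.100.7"),  # dialup user sending a spoofed source
]


def evaluate(filter_rules, src, dst):
    """Return (action, logged, rule_number) for the first matching rule."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for n, (action, src_net, dst_net, log) in enumerate(filter_rules, start=1):
        if s in src_net and d in dst_net:
            return action, log, n
    # Nothing matched: model the implicit deny at the end of the filter.
    return "deny", False, None


def classify_outbound(filter_rules, packets):
    """Run packets through the filter; return an outcome count and the log lines."""
    summary = {"permitted": 0, "dropped_silently": 0, "dropped_logged": 0}
    log_lines = []
    for src, dst in packets:
        action, logged, n = evaluate(filter_rules, src, dst)
        if action == "permit":
            summary["permitted"] += 1
        elif logged:
            summary["dropped_logged"] += 1
            log_lines.append(f"deny rule {n}: {src} -> {dst}")
        else:
            summary["dropped_silently"] += 1
    return summary, log_lines


if __name__ == "__main__":
    for name, rules in (("with rule 2", FILTER_INTERNET_OUT), ("without rule 2", WITHOUT_RULE_2)):
        summary, lines = classify_outbound(rules, SAMPLE_PACKETS)
        print(name, summary)
        for line in lines:
            print("  ", line)
```

Only the packet with the off-network source bound for an off-network destination is logged under the full filter; dropping rule 2 triples the logged entries on this sample, which is the log growth the message warns about.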
