Date: Fri, 23 Mar 2001 13:28:04 +0100 From: Borja Marcos <borjamar@sarenet.es> To: freebsd-security@freebsd.org Subject: Re: DoS attack - advice needed Message-ID: <3ABB4154.CAE7535D@sarenet.es> References: <BIEHKEFNHFMMJEKCDMLNAELOCGAA.oldfart@gtonet.net> <200103230132.IAA07082@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
Olivier Nicole wrote: > > >I filter ICMP, at my router, too. I only allow incomming ICMP from source > >ports 0, 3 & 11 and I allow all outgoing ICMP. I just do it to help security > >not as a stop-gap measure. To get back on the original poster's questions, > > Why not filtering the same outgoing ports as the incoming ones? That > would help the global Internet security/performance, by making sure no > attack can be launched from your network. In this case, the most important filters are those which prevent address spoofing, making sure that every packet leaving your networks has a source address belonging to your network. Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ABB4154.CAE7535D>