From owner-freebsd-security Fri Mar 23 4:28:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from borja.sarenet.es (borja.sarenet.es [192.148.167.77]) by hub.freebsd.org (Postfix) with ESMTP id F0BA237B71D for ; Fri, 23 Mar 2001 04:28:06 -0800 (PST) (envelope-from borjamar@sarenet.es) Received: from sarenet.es (localhost [127.0.0.1]) by borja.sarenet.es (8.11.1/8.11.1) with ESMTP id f2NCS4q83389 for ; Fri, 23 Mar 2001 13:28:06 +0100 (CET) (envelope-from borjamar@sarenet.es) Message-ID: <3ABB4154.CAE7535D@sarenet.es> Date: Fri, 23 Mar 2001 13:28:04 +0100 From: Borja Marcos X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: DoS attack - advice needed References: <200103230132.IAA07082@banyan.cs.ait.ac.th> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Olivier Nicole wrote: > > >I filter ICMP, at my router, too. I only allow incomming ICMP from source > >ports 0, 3 & 11 and I allow all outgoing ICMP. I just do it to help security > >not as a stop-gap measure. To get back on the original poster's questions, > > Why not filtering the same outgoing ports as the incoming ones? That > would help the global Internet security/performance, by making sure no > attack can be launched from your network. In this case, the most important filters are those which prevent address spoofing, making sure that every packet leaving your networks has a source address belonging to your network. Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message