Date: Wed, 08 Dec 1999 14:11:31 -0800 From: Deepwell Internet <freebsd@deepwell.com> To: Mark Newton <newton@atdot.dotat.org>, freebsd-security@freebsd.org Subject: Re: What kind of attack is this? Message-ID: <4.2.0.58.19991208141045.00d293f0@mail1.dcomm.net> In-Reply-To: <19991209083140.A7509@atdot.dotat.org> References: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > So how does one protect themselves against such an attack? I have an > > Ascend Pipeline 50 router which I'm trying to sort out from the manuals a > > way to use its filters and how it behaves if rules overlap (what I'm > > thinking is trying to find a way to block all incoming UDP packets EXCEPT > > the type which are known to be good). > >Get a FreeBSD box with two ethernet interfaces. Enable ipfw. Start >with rules that look like this: > > ipfw add pass udp from any GOODPORT to any in via OUTSIDE-INTERFACE > ipfw add deny udp from any to any in via OUTSIDE-INTERFACE > ipfw add pass all from any to any > >Of course, the ruleset you end up with will be more comprehensive >than that, but it should give you an idea. Look at /etc/rc.firewall >for more info. > >Alternatively buy a Cisco -- Ascends are toy routers, IMHO, with >somewhat limited packet filtering abilities. > > - mark Not to mention Ascend's broken NAT implementation. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19991208141045.00d293f0>