[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ingress filtering

On Mon, Sep 17, 2001 at 12:50:26AM +0100, Pedro Corte-Real wrote:
> I know they are:
>        - aka

>      - aka

>     - aka

In addition you should block the link-local net and perhaps all multicast
networks, if you are shure you do not use them. Loopback multicast Microsoft Link Local

Of course much more important is to block packets with your local network as
source (maybe even destination if you do NAT). And to block outgoing spoofed
and leaking (i.e. with your internal sender address) outgoing pacets in the
egress filter.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to: