[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: attacks



> -----Original Message-----
> From: Mark Ferlatte [mailto:ferlatte@cryptio.net] 
> Sent: Tuesday, June 04, 2002 12:34 PM
> To: 'debian'
> Subject: Re: attacks
> 
> > You probably want to add some route verification too:
> >   for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
> >      echo 1 > $f
> >  done
>
> Debian turns this on by default, so you don't have to do it by hand.
> But you can if you really want to.

Oh OK, I seem to remember reading that.  But, that brings up a point
I've been trying to resolve... would "2" be better?  What would be the
implications of using it, more overhead?

> > Anyway, what I would do is block TCP & UDP 0-19.  This tosses
> 
> What I would do instead is to set your default policy to DROP 

Yeah, forgot to mention that the first time around.  ;)

Jeff Bonner



-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: