Re: Path MTU (was: RE:)

To: debian-firewall@lists.debian.org
Subject: Re: Path MTU (was: RE:)
From: Ansgar -59cobalt- Wiechers <lists@planetcobalt.net>
Date: Wed, 19 Jan 2005 16:30:25 +0100
Message-id: <20050119163025.B20026@planetcobalt.net>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <41EDC23A.4080302@cox.net>; from phil.dyer@cox.net on Tue, Jan 18, 2005 at 09:13:14PM -0500
References: <20050119012739.48122.qmail@web30508.mail.mud.yahoo.com> <41EDC23A.4080302@cox.net>

On 2005-01-18 Phil Dyer wrote:
> Mike Mestnik wrote:
>> 1. Pings to bracast addresses(like 209.98.255.255), these can easily
>> generate hundreds of replys(pongs) AND be targeted at any host on the
>> net.
> 
> Or better yet. Drop all broadcast traffic. Ingres, egres, tcp, udp,
> whatever. When it hits your border. Drop.
> 
>> 1a. Pings not originating fron it's own revers route, coming from
>> somwhere other then where the pong would be routed.
> 
> Also applies to more than icmp. Wrong interface? -- drop.

REJECT, not DROP.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

Reply to:

Follow-Ups:
- Re: Path MTU (was: RE:)
  - From: Phil Dyer <phil.dyer@cox.net>
- Re: Path MTU (was: RE:)
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- Re: Path MTU (was: RE:)
  - From: Mike Mestnik <cheako911@yahoo.com>
- Re: Path MTU (was: RE:)
  - From: Phil Dyer <phil.dyer@cox.net>

Prev by Date: unsubscribe
Next by Date: Re: Path MTU (was: RE:)
Previous by thread: Re: Path MTU (was: RE:)
Next by thread: Re: Path MTU (was: RE:)
Index(es):
- Date
- Thread