Re: ipchains rules

To: Daniel Ginsburg <dg@warpsolutions.com>, debian-russian@lists.debian.org
Subject: Re: ipchains rules
From: Pavel Epifanov <pavel_e@yahoo.com>
Date: Wed, 11 Apr 2001 22:50:21 -0700 (PDT)
Message-id: <20010412055021.75731.qmail@web13905.mail.yahoo.com>
In-reply-to: <20010412030745.A18463@cloud.warpsolutions.ru>

--- Daniel Ginsburg <dg@warpsolutions.com> wrote:
> On Wed, Apr 11, 2001 at 11:13:43PM +0400, George Sergeyev wrote:
> > ëÁË ÐÒÁ×ÉÌØÎÏ ÂÕÄÅÔ Ú×ÕÞÁÔØ ÚÁËÌÉÎÁÎÉÅ ÄÌÑ ipchains ver 1.3.9,
> > ÚÁÐÒÅÝÁÀÝÅÅ ÐÒÉÅÍ icmp echo-request ÐÁËÅÔÏ× ÉÚ ÎÅÎÁÄÅÖÎÏÊ ÞÁÓÔÉ ÓÅÔÉ.
> > âÅÚÒÅÚÕÌØÔÁÔÎÏ ÐÅÒÅÐÒÏÂÏ×ÁÌ ÍÎÏÖÅÓÔ×Ï ËÏÍÂÉÎÁÃÉÊ. (1002-Ñ ÎÏÞØ)
> 
> ðÏÚ×ÏÌØÔÅ ÐÏÉÎÔÅÒÅÓÏ×ÁÔØÓÑ, ÚÁÞÅÍ ÖÅ ÷Ù ÖÅÌÁÅÔÅ ÚÁÐÒÅÔÉÔØ echo-requests?
> åÓÌÉ ÷Ù ÓÏÏÂÝÉÔÅ ÍÎÅ ÄÏÓÔÁÔÏÞÎÏ ×ÅÓËÉÊ ÄÏ×ÏÄ × ÐÏÌØÚÕ ÚÁÐÒÅÝÅÎÉÑ ÜÔÉÈ ICMP
> ÓÏÏÂÝÅÎÉÊ, ÔÏ, ÂÅÚÕÓÌÏ×ÎÏ, Ñ ÓËÁÖÕ ÷ÁÍ, ËÁË ÜÔÏ ÓÄÅÌÁÔØ, ÎÏ, ÐÒÉÚÎÁÔØÓÑ, Ñ
> ÕÍÁ ÎÅ ÐÒÉÌÏÖÕ, ËÁËÉÍ ÏÂÒÁÚÏÍ ÚÁÐÒÅÝÅÎÉÅ ÜÔÉÈ ÓÏÏÂÝÅÎÉÊ ÍÏÖÅÔ ÐÏ×ÌÉÑÔØ ÎÁ
> ÆÕÎËÃÉÏÎÉÒÏ×ÁÎÉÅ ÷ÁÛÅÊ ÓÉÓÔÅÍÙ.

It is simple. George probably have read "ICMP scanning" document where
different techniques of ICMP scans are described. echo-request is just one of
them. The same kind of ICMP could be also used for DoS.

There is a sense to DENY such _incoming_ requests on a gateway or on a home
computer directly connected to Internet. This is a recommended practice as I am
aware of. Several websites already have it (I remember www.ibm.org).

=====
Yours,
Pavel V. Epifanov.

---

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

Reply to:

References:
- Re: ipchains rules
  - From: Daniel Ginsburg <dg@warpsolutions.com>

Prev by Date: Re: Я же говорил!
Next by Date: Re: ipchains rules
Previous by thread: Re: ipchains rules
Next by thread: Squid июзеры
Index(es):
- Date
- Thread