Re: Bill Wohler: Linux security tips

To: wohler@newt.com (Bill Wohler)
Cc: debian-user@lists.debian.org
Subject: Re: Bill Wohler: Linux security tips
From: Matus "fantomas" Uhlar <uhlar@fantomas.sk>
Date: Mon, 27 Jul 1998 10:14:30 +0200 (CEST)
Message-id: <[🔎] 199807270814.KAA02907@fantomas.fantomas.sk>
In-reply-to: <[🔎] 199807270719.AAA11691@gbr.newt.com> from Bill Wohler at "Jul 27, 98 00:19:28 am"

->   To prevent Linux from forwarding any packets, recompile the kernel
->   with the option CONFIG_IP_FORWARD off.

who does compile linux with packet forwarding on when he des not want it to
be a router ?

->   To prevent responding to pings altogether, use
->   CONFIG_IP_IGNORE_ECHO_REQUESTS on.

hmmm that i imho a very BAD idea. machine SHOULD (i've heard RFC says it
MUST) respond any ICMP echo packet; maybe there could be some protection
against ICMP flooding but machine should not ignore echo requests

-- 
 Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
 BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz


--  
Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null

Reply to:

References:
- Bill Wohler: Linux security tips
  - From: Bill Wohler <wohler@newt.com>

Prev by Date: OFF-TOPIC : Job interview questions
Next by Date: RE: Graphical Linux Logo on boot
Previous by thread: Bill Wohler: Linux security tips
Next by thread: Re: Bill Wohler: Linux security tips
Index(es):
- Date
- Thread