On Tue, Aug 26, 2003 at 02:01:05AM +0200, Arnt Karlsen wrote:
| On Mon, 25 Aug 2003 17:44:32 -0400, Derrick 'dman' Hudson wrote :
[...]
| > ICMP is extremely useful and is, in fact, required for
| > correct operation of TCP and IP. Do not block ICMP.
|
| ..no rule without exception: these 2 minutes _are_ useful in tarpits,
| to help slow vira propagation:
True, sort of. (it's more fun to pull the legs off one at a time than
to smash it quickly) If you want to do that, then install LaBrea on a
spare machine and let it draw out the virus' connection without much
consumption of your network resources. However, don't do that on a
regular machine that you expect to usefully use the network with. (if
you don't run a given service on a network node, then 'DROP'ing the
TCP SYN packet rather than 'REJECT'ing it with the firewall is a good
way to put the 2 minute timeout on the virus, e.g. for Nimda probing
your web server)
-D
--
What good is it for a man to gain the whole world, yet forfeit his
soul? Or what can a man give in exchange for his soul?
Mark 8:36-37
http://dman13.dyndns.org/~dman/
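Added example, not part of the original message: a small model of where the "2 minute timeout" on a DROPped SYN comes from, compared with a REJECT that answers at once. The profile values are assumptions: LINUX_DEFAULT uses Linux's documented defaults (1 s initial RTO, 6 SYN retries), OLDER_STACK is a constructed 3 s / 5 retry profile, and the 50 ms round-trip time is made up.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SynPolicy:
    initial_rto: float      # seconds before the first SYN retransmission
    retries: int            # number of SYN retransmissions before giving up
    max_rto: float = 120.0  # cap on the doubled timeout


# Assumed client profiles (not taken from the thread).
LINUX_DEFAULT = SynPolicy(initial_rto=1.0, retries=6)
OLDER_STACK = SynPolicy(initial_rto=3.0, retries=5)


def syn_schedule(policy):
    """Return (send_times, give_up_time) for a SYN that is never answered."""
    send_times = [0.0]
    rto = policy.initial_rto
    now = 0.0
    for _ in range(policy.retries):
        now += rto                      # timer expires, SYN is sent again
        send_times.append(now)
        rto = min(rto * 2, policy.max_rto)  # exponential backoff
    return send_times, now + rto        # last timer expiry ends the attempt


def stall_seconds(action, policy, rtt=0.05):
    """How long one connect() attempt blocks the client under each rule."""
    if action == "REJECT":
        return rtt                      # refusal comes back in one round trip
    if action == "DROP":
        return syn_schedule(policy)[1]  # client waits out every retransmission
    raise ValueError(f"unknown action: {action}")


def sequential_scan_seconds(action, policy, targets, rtt=0.05):
    """Total delay for a client that probes targets one at a time."""
    return targets * stall_seconds(action, policy, rtt)


if __name__ == "__main__":
    for name, policy in (("linux", LINUX_DEFAULT), ("older", OLDER_STACK)):
        times, give_up = syn_schedule(policy)
        print(name, "SYNs sent at", times, "gives up at", give_up, "s")
    for action in ("REJECT", "DROP"):
        total = sequential_scan_seconds(action, LINUX_DEFAULT, targets=100)
        print(action, "100 sequential probes cost the client", total, "s")
```

The model covers only the client side; the dropping host sends nothing and keeps no state, which is why the cost falls on the prober.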