On 2005-01-18 Phil Dyer wrote: > Mike Mestnik wrote: >> 1. Pings to bracast addresses(like 209.98.255.255), these can easily >> generate hundreds of replys(pongs) AND be targeted at any host on the >> net. > > Or better yet. Drop all broadcast traffic. Ingres, egres, tcp, udp, > whatever. When it hits your border. Drop. > >> 1a. Pings not originating fron it's own revers route, coming from >> somwhere other then where the pong would be routed. > > Also applies to more than icmp. Wrong interface? -- drop.
REJECT, not DROP. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
