I agree with what they have both said; this is a very important subject
since this is your first line of defense. I would also recommend blocking any
inbound packets with source addresses from your internal network (known as
spoofed addresses) and source-routed packets. These two items are almost
never legitimate traffic. Be careful with source-routed packets, though: so
far I have blocked them on every firewall/border router I have configured
and not had issues. If anyone is familiar with a valid use for source-routed
packets or an application which needs them, please speak up; otherwise these
little devils do more harm than good.

Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible Thing to Waste!" 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Robert Olsson
Sent: Monday, December 18, 2000 3:30 AM
To: Firewalls mailinglist
Subject: Recommended blocking for Internet-router


Are there some sort of guidelines on what should be blocked on an
Internet-router? RFC 1918 addresses and TCP/UDP-ports 137-139 are of
course well-known, but is there anything else that is recommended or
perhaps even required? I had a faint memory of seeing something about
this on ISOC's homepage but found nothing. Anyone with ideas?

//Robert

-----------------------------------------------------------------
Robert Olsson                                   Fiberdata Nord AB
tel: 021-10 43 52                               Skivfilargränd 2
GSM: 070-301 03 71                              731 20 Västerås
[EMAIL PROTECTED]                      www.fiberdata.se
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
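
The checks recommended in this thread (inbound packets with internal or RFC 1918 source addresses, source-routed packets, TCP/UDP ports 137-139), as an added example that is not part of either message: a Python function that gives a verdict for a raw IPv4 packet arriving on the outside interface. The inside network 192.0.2.0/24, the function names and the `sample` packet builder are assumptions made for illustration.

```python
import ipaddress
import struct

# Sources never valid inbound; 192.0.2.0/24 is the assumed inside network.
BAD_SOURCES = {"spoofed internal source": ["192.0.2.0/24"],
               "RFC 1918 source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}   # IPv4 option types (RFC 791)

def option_problem(options):
    """Walk the IPv4 options area; return a drop reason or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # End of Option List
            break
        if kind == 1:                        # No-Operation is a single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE:
            return "source-routed (" + SOURCE_ROUTE[kind] + ")"
        if i + 1 >= len(options) or options[i + 1] < 2:
            return "malformed IP options"    # length 0 would loop forever
        i += options[i + 1]
    return None

def inbound_verdict(packet):
    """Verdict for a raw IPv4 packet arriving on the outside interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4             # header length in bytes
    if not 20 <= ihl <= len(packet):
        return "drop: bad header length"
    src = ipaddress.ip_address(packet[12:16])
    for reason, prefixes in BAD_SOURCES.items():
        if any(src in ipaddress.ip_network(p) for p in prefixes):
            return "drop: " + reason
    if problem := option_problem(packet[20:ihl]):
        return "drop: " + problem
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[9] in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if 137 <= dport <= 139:              # NetBIOS over TCP/UDP
            return "drop: NetBIOS port %d" % dport
    return "pass"

def sample(src, dport, options=b""):         # constructed packet; pad options to 4 bytes
    head = struct.pack("!BBHHHBBH4s4s", 0x45 + len(options) // 4, 0, 0, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed, bytes([192, 0, 2, 10]))
    return head + options + struct.pack("!HH", 40000, dport)
```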