Hi, I have the following trouble:
internet -- (public_ip)fw_obsd_3.4(private_ipx.x.x.1) --
server_plesk(private_ipx.x.x.2)
|_ rdr |
The trouble is what server behind fw offers the following service:
- smtp, www, pop, etc.
Hi, I have the following trouble:
internet -- (public_ip)fw_obsd_3.4(private_ipx.x.x.1) --
server_plesk(private_ipx.x.x.2)
The trouble is what server behind fw offers the following service:
- smtp, www, pop, etc.
On Tue, 9 Mar 2004, Claudio Jeker wrote:
The best solution is to have a full view (with no default route) via bgp
and use no-route. So you get an auto-update bogon filter. It is more
accurate than those lists because it is live and knows about the not
announced but IANA allocated blocks.
How
On Wed, Mar 10, 2004 at 06:43:33PM +1100, Damien Miller wrote:
On Tue, 9 Mar 2004, Claudio Jeker wrote:
The best solution is to have a full view (with no default route) via bgp
and use no-route. So you get an auto-update bogon filter. It is more
accurate than those lists because it is
* Damien Miller [EMAIL PROTECTED] [2004-03-10 09:37]:
Abusers use BGP to advertise reachability to those
blocks in the first place
well, it's mostly a myth that you can simply advertise something in
bgp. There's basically no such thing as unfiltered bgp left. if such
bogons are advertized
* Todd T. Fries [EMAIL PROTECTED] [2004-03-08 22:02]:
$ sudo ftp http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
please do NOT DO THIS CRAP.
this address space WILL be allocated in the future.
and in almost all cases you will not update your filters regularly.
and it's pointless
Not when you're working on a system that is being attacked with packets
with source ip's in the list.
In my opinion anyway.
--
Todd Fries .. [EMAIL PROTECTED]
Free Daemon Consulting, LLC VOIP: 1.636.410.0632
http://FreeDaemonConsulting.com VOIP: 1.405.227.9094
On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote:
Not when you're working on a system that is being attacked with packets
with source ip's in the list.
In my opinion anyway.
Well, as long as you're using anti-spoof packets can't bounce through to
your internal network segments using your own
On Tue, Mar 09, 2004 at 09:15:11AM -0800, Brian Keefer wrote:
On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote:
Not when you're working on a system that is being attacked with packets
with source ip's in the list.
In my opinion anyway.
Well, as long as you're using anti-spoof packets
On 9 Mar 2004 07:22:39 -0800, [EMAIL PROTECTED] (Todd T. Fries) wrote:
Not when you're working on a system that is being attacked with packets
with source ip's in the list.
I find that highly unlikely.
greg
--
You do a lot less thundering in the pulpit against the Harlot
after she
On Tue, 9 Mar 2004, Greg Hennessy wrote:
On 9 Mar 2004 07:22:39 -0800, [EMAIL PROTECTED] (Todd T. Fries) wrote:
Not when you're working on a system that is being attacked with packets
with source ip's in the list.
I find that highly unlikely.
I think you are highly presumptive, I'm
$ sudo ftp http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
[..]
$ grep bogons /etc/pf.conf
# List of all bogons (ips not allocated) for entire IPv4 ip space
table <bogons> persist file /etc/bogons-cidr-all.txt
block in quick on $ext_if from <bogons> to any
block out quick on
On Mon, 2004-03-08 at 08:32, Todd T. Fries wrote:
$ sudo ftp http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
[..]
$ grep bogons /etc/pf.conf
# List of all bogons (ips not allocated) for entire IPv4 ip space
table <bogons> persist file /etc/bogons-cidr-all.txt
block in
13 matches