Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP
abuses?
I used to prohibit ICMP at my network edge until I discovered the
virtues of CAR, allowing enough traffic for helpful testing but shutting
down sources who send too much too often.
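
Here is an example of how to use CAR on a Cisco router to control ICMP:

    ! rate-limit arguments: rate in bits/s, normal burst and maximum burst in bytes
    interface xy
     rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
    ! traffic matched by the rate limit: ICMP echo replies
    access-list 2020 permit icmp any any echo-reply
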
If someone could point out how to achieve this kind of thing in IP
tables or using some other fancy package I'd be most grateful.

Tanner Lovelace wrote:
> On 6/7/05, Ben Pitzer <[EMAIL PROTECTED]> wrote:
>> Yeah, how about finding out if the SC has (wisely) turned off ICMP
>> echo on the server?
>> -Ben
>
> I've gone back and forth on this having done it one way or the
> other for several years now and I'm not actually convinced
> it buys you that much more security. Yes, I know you can
> tunnel a shell through ICMP, but by turning it off you lose
> what can be a valuable debugging tool. So, I guess it
> just boils down to what you're willing to trade off.
>
> Cheers,
> Tanner
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
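
Added example, not part of the original thread: one way to express the CAR policy above with the Linux tc token-bucket policer, by translating the rate-limit line into tc commands and printing them as a dry run. Assumptions: iproute2 with the clsact qdisc, the interface name eth0, a hypothetical helper named car_to_tc, and a u32 ICMP echo-reply match standing in for access-list 2020.

```shell
#!/bin/sh
# Added example: translate a Cisco CAR "rate-limit" line into Linux tc policing
# commands. Only prints the commands; review them, then run them as root.
# Assumptions: iproute2 with the clsact qdisc; the u32 echo-reply match stands
# in for access-list 2020; tc police has a single token bucket, so CAR's
# maximum burst (third number) has no counterpart and is only reported.

car_to_tc() {
    iface=$1
    # Word-split the CAR line into positional parameters.
    set -- $2
    [ "$#" -eq 11 ] && [ "$1" = "rate-limit" ] && [ "$3" = "access-group" ] || {
        echo "unsupported CAR line" >&2; return 1; }
    dir=$2 bps=$5 burst=$6 ext=$7
    case $dir in
        output) hook=egress ;;
        input)  hook=ingress ;;
        *) echo "bad direction: $dir" >&2; return 1 ;;
    esac
    # Only the policy from the post is handled: pass conforming, drop excess.
    [ "$8 $9 ${10} ${11}" = "conform-action transmit exceed-action drop" ] || {
        echo "unsupported actions" >&2; return 1; }
    case "$bps$burst$ext" in
        *[!0-9]*|"") echo "non-numeric rate or burst" >&2; return 1 ;;
    esac
    echo "# CAR maximum burst of ${ext} bytes is not represented"
    echo "tc qdisc add dev $iface clsact"
    # CAR rate is bits/s and burst is bytes; tc takes the same units as
    # "<n>bit" and "<n>b". icmp_type assumes a 20-byte IP header (no options).
    echo "tc filter add dev $iface $hook protocol ip prio 1 u32" \
         "match ip protocol 1 0xff match ip icmp_type 0 0xff" \
         "action police rate ${bps}bit burst ${burst}b conform-exceed drop"
}

# Constructed input: the rate-limit line from the post, joined onto one line.
CAR_LINE="rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop"
car_to_tc eth0 "$CAR_LINE"
```

Like the CAR line in the post, this polices the aggregate of matching traffic on the interface rather than each source separately.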