http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article&sid=171
several icmp examples are in the text

jason

> Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP
> abuses?
> I used to prohibit ICMP at my network edge until I discovered the
> virtues of CAR, allowing enough traffic for helpful testing but shutting
> down sources who send too much too often.
>
> Here is an example of how to use CAR on a Cisco router to control ICMP:
> interface xy
> rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
> access-list 2020 permit icmp any any echo-reply
>
> If someone could point out how to achieve this kind of thing in IP
> tables or using some other fancy package I'd be most grateful.
>
> Tanner Lovelace wrote:
>
>>On 6/7/05, Ben Pitzer <[EMAIL PROTECTED]> wrote:
>>
>>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
>>>echo on the server?
>>>
>>>-Ben
>>
>>I've gone back and forth on this having done it one way or the
>>other for several years now and I'm not actually convinced
>>it buys you that much more security. Yes, I know you can
>>tunnel a shell through ICMP, but by turning it off you lose
>>what can be a valuable debugging tool. So, I guess it
>>just boils down to what you're willing to trade off.
>>
>>Cheers,
>>Tanner
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
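The CAR policy quoted in the message above, approximated with Netfilter's hashlimit match, as an added example that is not part of the original thread or the linked article. CAR meters bits per second while this hashlimit usage meters packets per second, so the script converts the CAR rate and normal burst using an assumed packet size. Assumptions: the Linux box forwards the traffic (FORWARD chain), the egress interface is `eth0`, the bucket name `icmp-reply` is arbitrary, and packets are 84 bytes (a default ping).

```shell
#!/bin/sh
# Added example: CAR-style ICMP echo-reply policing with iptables hashlimit.
# It only prints iptables-restore input; nothing is installed by running it.

IFACE="${IFACE:-eth0}"  # assumed egress interface (the "interface xy" above)
CAR_BPS=3000000         # CAR average rate from the quoted config, bits/s
CAR_BURST=512000        # CAR normal burst from the quoted config, bytes
PKT_BYTES=84            # assumed packet size: 64 B ICMP + 20 B IP header

# Packets per second that fit in the CAR rate at the assumed packet size.
car_pps()   { echo $(( CAR_BPS / 8 / PKT_BYTES )); }

# Packets that fit in the CAR normal burst at the assumed packet size.
car_burst() { echo $(( CAR_BURST / PKT_BYTES )); }

# Emit the rule set. Without --hashlimit-mode there is one shared bucket,
# like the aggregate CAR limit; adding "--hashlimit-mode dstip" would keep a
# separate bucket per host receiving the replies.
icmp_rules() {
    cat <<EOF
*filter
# conform-action transmit: echo replies within the rate and burst
-A FORWARD -o $IFACE -p icmp --icmp-type echo-reply -m hashlimit --hashlimit-name icmp-reply --hashlimit-upto $(car_pps)/second --hashlimit-burst $(car_burst) -j ACCEPT
# exceed-action drop: echo replies over the limit
-A FORWARD -o $IFACE -p icmp --icmp-type echo-reply -j DROP
COMMIT
EOF
}

# Print for review; to load: sh thisfile.sh | iptables-restore --noflush
icmp_rules
```

After loading, `iptables -L FORWARD -v -n` shows per-rule packet counters, so a growing count on the DROP rule indicates replies exceeding the limit.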
