perfect - thanks Jason

Jason Tower wrote:

>http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article&sid=171
>
>several icmp examples are in the text
>
>jason
>
>>Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP
>>abuses?
>>I used to prohibit ICMP at my network edge until I discovered the
>>virtues of CAR, allowing enough traffic for helpful testing but shutting
>>down sources who send too much too often.
>>
>>Here is an example of how to use CAR on a Cisco router to control ICMP:
>>
>>interface xy
>> rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
>>access-list 2020 permit icmp any any echo-reply
>>
>>If someone could point out how to achieve this kind of thing in IP
>>tables or using some other fancy package I'd be most grateful.
>>
>>Tanner Lovelace wrote:
>>
>>>On 6/7/05, Ben Pitzer <[EMAIL PROTECTED]> wrote:
>>>
>>>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
>>>>echo on the server?
>>>>
>>>>-Ben
>>>>
>>>I've gone back and forth on this having done it one way or the
>>>other for several years now and I'm not actually convinced
>>>it buys you that much more security. Yes, I know you can
>>>tunnel a shell through ICMP, but by turning it off you lose
>>>what can be a valuable debugging tool. So, I guess it
>>>just boils down to what you're willing to trade off.
>>>
>>>Cheers,
>>>Tanner
>>>
>>--
>>TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>>TriLUG Organizational FAQ : http://trilug.org/faq/
>>TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
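
Added example, not part of the original thread: one way to get the ICMP limiting asked about above on Linux, using the iptables hashlimit match. Unlike the quoted CAR policy it counts packets per source address rather than aggregate bits per second. The chain name ICMP_LIMIT, the hashlimit table name and the 5/second, burst 10 figures in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that rate-limits one ICMP
# type per source address. Names and sample rates are assumptions, not values
# from the thread.

# icmp_limit_rules TYPE RATE BURST [HOOK]
#   TYPE  ICMP type name as accepted by --icmp-type (e.g. echo-request)
#   RATE  packets per interval, e.g. 5/second
#   BURST packets a source may send before RATE is enforced
#   HOOK  built-in chain to attach to: INPUT (default) or FORWARD
icmp_limit_rules() {
    itype=$1 rate=$2 burst=$3 hook=${4:-INPUT}

    # Accept only a plain type name, an N/unit rate and a positive integer
    # burst, so the generated ruleset cannot carry stray options.
    case $itype in ''|*[!a-z0-9-]*) echo "bad icmp type: $itype" >&2; return 1;; esac
    case $rate in
        [1-9]*/second|[1-9]*/minute|[1-9]*/hour|[1-9]*/day) ;;
        *) echo "bad rate: $rate" >&2; return 1;;
    esac
    case ${rate%/*} in *[!0-9]*) echo "bad rate: $rate" >&2; return 1;; esac
    case $burst in ''|0*|*[!0-9]*) echo "bad burst: $burst" >&2; return 1;; esac
    case $hook in INPUT|FORWARD) ;; *) echo "bad hook: $hook" >&2; return 1;; esac

    # Matching ICMP goes to its own chain: sources at or under RATE are
    # accepted, anything above it falls through to DROP.
    cat <<EOF
*filter
:ICMP_LIMIT - [0:0]
-A $hook -p icmp --icmp-type $itype -j ICMP_LIMIT
-A ICMP_LIMIT -m hashlimit --hashlimit-name icmp_limit --hashlimit-mode srcip --hashlimit-upto $rate --hashlimit-burst $burst -j ACCEPT
-A ICMP_LIMIT -j DROP
COMMIT
EOF
}

# Usage (as root): check the fragment, then load it without flushing existing
# rules. Load it once; loading again appends a second jump to ICMP_LIMIT.
#   icmp_limit_rules echo-request 5/second 10 FORWARD | iptables-restore --test --noflush
#   icmp_limit_rules echo-request 5/second 10 FORWARD | iptables-restore --noflush
```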
