And for the 2.0.x kernels there is a patch to help control syn floods...
Later,
Ron DuFresne
On Sun, 5 Jan 1997, Bernd Eckenfels wrote:
> Hello,
>
> > Do I need to care about
> > source routed packets if my upstream provider has everything configured
> > as they should?
>
> Ask your upstream providee, how should we know if he is filtering source
> routed packets? You can drop them at your router which links you to the
> outside world. Use fireeall rules or settings like "drop source routed
> frames"with linux.
>
> > If I am using for example Linux, would it be enough to
> > configure the linux kernel to drop source routed packets? To configure the
> > linux firewall to ignore localnet packets from the external link?
>
> Both. And to ignore PAckates from your internal net as the source on
> external interfaces. And ignore packates with internal address as source on
> external interface and so on. This will prevent you from IP-Spoofing and
> will block most simple attacks.
>
> Greetings
> Bernd
> y
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
References:
|
|
