Date: Sun, 24 Jun 2001 18:16:14 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Dag-Erling Smorgrav <des@ofug.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: disable traceroute to my host Message-ID: <20010624181614.E52432@mail.webmonster.de> In-Reply-To: <xzpr8w97w2g.fsf@flood.ping.uio.no>; from des@ofug.org on Sun, Jun 24, 2001 at 05:10:31PM %2B0200 References: <20010622230217.JKT10107.mta05.onebox.com@onebox.com> <xzpr8w97w2g.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--d8Lz2Tf5e5STOWUP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dag-Erling Smorgrav(des@ofug.org)@2001.06.24 17:10:31 +0000: > Third - if you set up ipfw to unconditionally block ICMP (whether in > the mistaken belief that it will prevent route tracing or for some > other lameass reason), I will personally buy a very heavy baseball > bat, hop on a plane, and pay you a visit you'll remember for the rest > of your very short lives. Although some ICMP types are admittedly not > very useful, that doesn't mean none of them are, and you should at the > very least let types 3 and 11 through or you'll be very sorry. I > usually set up my filters to let 0, 3, 8 and 11 through and block > everything else. dag, could you please write an rfc based on this? especially the part with the baseball bat sounds very nice to me -- being an netops guy for most of my life. you care for the writing, i care for the beer ;-) > * It went a bit like this: Friend: "Sun have this new firewall product > that's really cool, it can do blah blah blah" - Me: "Oh, FreeBSD can > do that" - Friend: "No, it can't" - Me: "Yes, it can" - Friend: "No > it can't, because blah blah blah" - Me: "Oh, I see" <clicketyclick> > "Now FreeBSD can do that too" - Friend: <boggle> hehe, reminds me of this customer's nokia ip-330 sitting in the corner of my lab -- i probably will wipe ipso and this weird-ass checkpoint fw1, replace it with freebsd and ipfilter :-> /k --=20 > who | grep -i blonde | date; cd ~; unzip; touch; finger; mount;\ > gasp; yes; uptime; umount; sleep 600 KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --d8Lz2Tf5e5STOWUP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7NhJOM0BPTilkv0YRAiTvAJwIWxUAK/U04kBJGHV+j3Se0Rm2rgCgoIlq thtejA2Sb8fqldOzutizuNU= =l6N3 -----END PGP SIGNATURE----- --d8Lz2Tf5e5STOWUP-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010624181614.E52432>