[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Magnus Hedemark wrote:
On Monday 22 September 2003 06:37 pm, Paul wrote:
Request for scan:
My current IP address is
68.46.172.168
All tcp, udp & rpc ports seem completely filtered.
Packets with spoofed TCP headers are also being blocked successfully.
ICMP Echo ("ping") is still passing through. There is a lot of controversy over whether this is a good thing or not. IMHO, while it does open up some possibility of attack, it is still a good thing.
Somewhere en route to you traceroute is being blocked. 172.30.119.149 is the last router in the path that responded. It did take a path out to NYC within my own ISP's network before going out to Level3.net.
If you're running an iptables firewall you can specify how much of a given protocol you'll let in at any time ( see "--limit " in the iptables man page) which could help you somewhat if someone tries to flood you. Apparently I can ping flood you without getting dropped. I can also send some pretty huge ping packets without getting blocked. This is definitely something to look at. You might also want to take a closer look at what specific ICMP types you're passing, and under what conditions.
_________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug