On Tue, Aug 26, 2003 at 02:01:05AM +0200, Arnt Karlsen wrote:
| On Mon, 25 Aug 2003 17:44:32 -0400, Derrick 'dman' Hudson wrote :
[...]
| > ICMP is extremely useful and is, in fact, required for
| > correct operation of TCP and IP.  Do not block ICMP.
|
| ..no rule without exception: these 2 minutes _are_ useful in tarpits,
| to help slow vira propagation:

True, sort of.  (it's more fun to pull the legs off one at a time than
to smash it quickly)

If you want to do that, then install LaBrea on a spare machine and let
it draw out the virus' connection without much consumption of your
network resources.  However, don't do that on a regular machine that
you expect to usefully use the network with.

(if you don't run a given service on a network node, then 'DROP'ing
the TCP SYN packet rather than 'REJECT'ing it with the firewall is a
good way to put the 2 minute timeout on the virus, e.g. for Nimda
probing your web server)

-D

-- 
What good is it for a man to gain the whole world, yet forfeit his soul?
Or what can a man give in exchange for his soul?
    Mark 8:36-37

http://dman13.dyndns.org/~dman/
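
The timing behind the DROP advice above, as an added example that is not part of the original message: a small model of how long an unanswered SYN holds a client socket compared with a rejected one. The retry parameters, the REJECT round-trip time and the socket count are assumptions chosen for illustration.

```python
"""Model: how long one TCP connect() ties up a client when the target
firewall DROPs the SYN versus REJECTs it. All parameters are assumptions."""


def syn_timeline(initial_rto, retries, max_rto=120.0):
    """Return (send_times, give_up_time) for a SYN that is never answered.

    The first SYN goes out at t=0. The client retransmits `retries` times,
    doubling the wait each time (capped at max_rto), and connect() fails
    once the wait following the last retransmission has expired.
    """
    t, rto, sends = 0.0, float(initial_rto), [0.0]
    for _ in range(retries):
        t += rto
        sends.append(t)
        rto = min(rto * 2, max_rto)
    return sends, t + rto


def probes_per_hour(seconds_per_probe, sockets):
    """Targets a client with `sockets` concurrent connects covers per hour."""
    return int(sockets * 3600 / seconds_per_probe)


# Assumed client TCP stacks: (initial retransmission timeout, SYN retries).
STACKS = {
    "rto 3s, 5 retries": (3, 5),
    "rto 1s, 6 retries": (1, 6),
}
REJECT_COST = 0.05  # assumed seconds until the RST / ICMP error comes back


def compare(sockets=100):
    """Per stack: (seconds held by DROP, probes/h with DROP, probes/h with REJECT)."""
    rows = {}
    for name, (rto, retries) in STACKS.items():
        _, drop_cost = syn_timeline(rto, retries)
        rows[name] = (drop_cost,
                      probes_per_hour(drop_cost, sockets),
                      probes_per_hour(REJECT_COST, sockets))
    return rows


if __name__ == "__main__":
    for name, (cost, dropped, rejected) in compare().items():
        print(f"{name}: DROP holds a socket {cost:.0f}s; "
              f"{dropped} probes/h vs {rejected} probes/h with REJECT")
```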