[Gllug] ipchains/smtp acceptance from Demon
home at alexhudson.com
home at alexhudson.com
Fri Aug 17 14:46:26 UTC 2001
On Fri, Aug 17, 2001 at 03:08:40PM +0100, sean at uncertainty.org.uk wrote:
> I guess I'll accept all icmp (after removing ip spoofing) and leave it there
> for now
>
> BTW what about 'Ping of Death'
>
> without doing much research it looks like current kernels are not vulnerable
> but it doesn't encourage me to think icmp is entirely safe.
Blocking ping at firewall is not a fix, it's a bodge (in this case). Ping of
death was/is a tcp/ip stack problem, and affects things other than icmp also
(it's more to do with packet fragmentation than the icmp protocol).
The short story is, without icmp, the internet would not work. Full stop.
And I would say you probably have greater security risks to worry about than
icmp...
Cheers,
Alex.
--
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list