[AusNOG] network security Question

Geordie Guy elomis at gmail.com
Tue May 20 20:04:53 EST 2014


The necessity to block ICMP is down to the balance between the available
practical attack vectors that are ICMP based, versus its practical utility
as the underlying test and verification message protocol on networks that
is expected to function and be used to relay messages accurately about
other traffic.

In short if you block it  universally there's a near 100% chance you don't
know what your are doing.
On 20/05/2014 1:37 PM, "Alex Samad - Yieldbroker" <
Alex.Samad at yieldbroker.com> wrote:

> Hi
>
> Wondering what people do around
> 1) letting through icmp
>
> I like the idea of allowing icmp through, make network diagnosis a lot
> easier, but I don't want to be bomb.
> What sort of rate limiting do people think is acceptable?
> What's acceptable from client to confirm connectivity?
>
>
> 2) blacklisting ip's
>
> So I have (like a lot of others),  people port scanning look for open
> ports, what sort of levels do people actually do something about it ?
>
> I asking as an end user, but I am also curious to know what providers do.
>
> I have heard of companies blocking entire ranges, for example say china
> and/or Russia as they have no clients there. Do people do that, do ISP
> provide that service (can that be done through the auto black hole
> mechanism ?)
>
>
> Alex
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140520/6429e716/attachment.html>


More information about the AusNOG mailing list