[AusNOG] network security Question
Mark Andrews
marka at isc.org
Wed May 21 10:29:22 EST 2014
In message <A3FB5D9FD28C50429DF7692DC31054E606DD791E at DC1INTADCW8201.yieldbroker
.com>, Alex Samad - Yieldbroker writes:
> Hi
>
> With the icmp, I was more thinking about rate limiting, all nice to allow it
> through, but I also rate limit. Haven't got any shaping on, but I would be d
> e prioritising a lot of icmp
>
> Just wondering what sort of level do (if they do) rate limit icmp to
>
> A
If you want to break TCP connections rate limit ICMP(8,3). Do you
rate limit TCP ACK's. Passing ICMP(8, 3) is just as important as
passing TCP ACKs.
> > -----Original Message-----
> > From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> > Chris Chaundy
> > Sent: Wednesday, 21 May 2014 10:00 AM
> > To: David Beveridge
> > Cc: ausnog at lists.ausnog.net
> > Subject: Re: [AusNOG] network security Question
> >
> > Yay! Bring back static host files... :-)
> >
> > Sent from my iPhone
> >
> > > On 21 May 2014, at 9:32, David Beveridge <dave at bevhost.com> wrote:
> > >
> > >> On Wed, May 21, 2014 at 9:21 AM, Oliver Eyre
> > <oliver.eyre at bigair.net.au> wrote:
> > >> How else are you supposed to stop the hackers if you can't block ICMP???
> > > Hmm,
> > > Better block DNS requests also...
> > >
> > > http://analogbit.com/tcp-over-dns_howto
> > > _______________________________________________
> > > AusNOG mailing list
> > > AusNOG at lists.ausnog.net
> > > http://lists.ausnog.net/mailman/listinfo/ausnog
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the AusNOG
mailing list