[1590] in linux-security and linux-alert archive
[linux-security] Re: Attack feeling ??
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Jul 31 14:02:02 1997
From: "Alexander O. Yuriev" <alex@yuriev.com>
To: Informacion sobre seguridad <seguridad@iti.upv.es>
cc: linux-security@redhat.com, alex@ding.mailhub.com
In-reply-to: Your message of "Thu, 31 Jul 97 17:34:01 +0200."
<19970731153649.27636.qmail@mail2.redhat.com>
Date: Thu, 31 Jul 97 11:44:43 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Your message dated: Thu, 31 Jul 97 17:34:01 +0200
> * Drop source routes pakets
Drop packets that have a source route flag set. This stops simpliest
redirection attacks and should be always set to yes.
> * always defragment
Reassemble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear one ), it should be set t yes.
Alex
-----------------------------------------------------------------------------
Alex "Mr. Worf" Yuriev Nationwide ISP Bandwidth: [www.netaxs.net ]
Net Access Outsourced News Reading: [www.newsread.com ]
alex@{netaxs.com|yuriev.com} Outsourced Shell Accounts: [shellaccounts.com]
RIP is irrelevant. Spoofing is futile. Your routes will be aggregated.
-----------------------------------------------------------------------------