[1590] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Attack feeling ??

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Jul 31 14:02:02 1997

From: "Alexander O. Yuriev" <alex@yuriev.com>
To: Informacion sobre seguridad <seguridad@iti.upv.es>
cc: linux-security@redhat.com, alex@ding.mailhub.com
In-reply-to: Your message of "Thu, 31 Jul 97 17:34:01 +0200."
             <19970731153649.27636.qmail@mail2.redhat.com> 
Date: Thu, 31 Jul 97 11:44:43 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Your message dated: Thu, 31 Jul 97 17:34:01 +0200

>  * Drop source routes pakets

Drop packets that have a source route flag set. This stops simpliest
redirection attacks and should be always set to yes.

>  * always defragment

Reassemble packet from fragments first and only after that apply firewalling
rulesets. Unless you have a really good reason not to do this ( and I am yet
to hear one ), it should be set t yes.

Alex

-----------------------------------------------------------------------------
Alex "Mr. Worf" Yuriev         Nationwide ISP Bandwidth:  [www.netaxs.net   ]
Net Access                     Outsourced News Reading:   [www.newsread.com ]
alex@{netaxs.com|yuriev.com}   Outsourced Shell Accounts: [shellaccounts.com]
   RIP is irrelevant. Spoofing is futile. Your routes will be aggregated.
-----------------------------------------------------------------------------


home help back first fref pref prev next nref lref last post