[4486] in North American Network Operators' Group


Re: New Denial of Service Attack on Panix

daemon@ATHENA.MIT.EDU (George Herbert)
Tue Sep 17 14:55:21 1996

To: George Herbert <gherbert@crl.com>
Cc: Michael Dillon <michael@memra.com>, nanog@merit.edu, iepg@iepg.org,
        gherbert@crl.com
In-Reply-To: Your message of "Mon, 16 Sep 1996 21:07:57 PDT."
             <199609170407.AA29031@mail.crl.com> 
Date: Tue, 17 Sep 1996 11:45:53 -0700
From: George Herbert <gherbert@crl.com>


I have to stand somewhat corrected.

>create a filter "internet.out"
>Contents:
>three lines for each net block you have:
>
>	permit 1.2.3.4/20 tcp
>	permit 1.2.3.4/20 udp
>	permit 1.2.3.4/20 icmp

The more appropriate format would be:
	permit 1.2.3.4/20 0.0.0.0/0 tcp
	permit 1.2.3.4/20 0.0.0.0/0 udp
	permit 1.2.3.4/20 0.0.0.0/0 icmp

You are *supposed* to use a src/dest netblock pair, though I have
set one up and used it without a dest address and it worked.

>final line to log (optional) MUST COME AFTER permit list for netblocks:
>	deny log

If you choose not to log, then you need a line:
	deny

Otherwise that which falls through isn't denied, obviously.

Doing router filters while fatigued is often a problematic process.
Try and work on them when you aren't so tired, unlike me when I
sent my first mail 8-)


-george william herbert
gherbert@crl.com
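The filter and the fall-through caveat from the mail above, as an added example that is not part of the original post and not any router vendor's ACL code: a small Python simulator that parses filter lines in the format quoted in the mail (both the "src proto" and the "src dst proto" forms, plus a bare "deny" or "deny log") and evaluates packets first-match. The sample filters, the packets, and the assumption that a packet matching no line is permitted by default are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                            # "permit" or "deny"
    src: Optional[ipaddress.IPv4Network]   # None matches any source
    dst: Optional[ipaddress.IPv4Network]   # None matches any destination
    proto: Optional[str]                   # None matches any protocol
    log: bool = False


def parse_filter(text: str) -> List[Rule]:
    """Parse filter lines as quoted in the mail.  Accepts 'permit SRC PROTO'
    and 'permit SRC DST PROTO'; a bare 'deny' or 'deny log' matches everything."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        action, rest = tokens[0], tokens[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in line: {raw!r}")
        log = "log" in rest
        nets = [t for t in rest if "/" in t]
        protos = [t for t in rest if "/" not in t and t != "log"]
        # strict=False so that 1.2.3.4/20 is read as the block 1.2.0.0/20.
        src = ipaddress.ip_network(nets[0], strict=False) if len(nets) > 0 else None
        dst = ipaddress.ip_network(nets[1], strict=False) if len(nets) > 1 else None
        proto = protos[0] if protos else None
        rules.append(Rule(action, src, dst, proto, log))
    return rules


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str,
             default: str = "permit") -> Tuple[str, bool]:
    """First matching rule wins; returns (action, logged).  A packet that
    matches no line gets the router's default, assumed here to be permit,
    which is exactly why the trailing deny line matters."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.src is not None and s not in r.src:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        return r.action, r.log
    return default, False


# Constructed sample filters (hypothetical, not from any real router) for a
# provider that owns 1.2.0.0/20, written the way the mail recommends.
INTERNET_OUT = """\
permit 1.2.3.4/20 0.0.0.0/0 tcp
permit 1.2.3.4/20 0.0.0.0/0 udp
permit 1.2.3.4/20 0.0.0.0/0 icmp
deny log
"""

# Same filter with the final deny forgotten: spoofed sources fall through.
INTERNET_OUT_NO_DENY = """\
permit 1.2.3.4/20 0.0.0.0/0 tcp
permit 1.2.3.4/20 0.0.0.0/0 udp
permit 1.2.3.4/20 0.0.0.0/0 icmp
"""


def decide(filter_text: str, src_ip: str, dst_ip: str, proto: str) -> Tuple[str, bool]:
    """Convenience wrapper: parse the filter and evaluate one outbound packet."""
    return evaluate(parse_filter(filter_text), src_ip, dst_ip, proto)


if __name__ == "__main__":
    packets = [
        ("1.2.5.6", "198.51.100.7", "tcp"),    # legitimate source inside the block
        ("10.9.8.7", "198.51.100.7", "tcp"),   # spoofed source, not ours
    ]
    for name, flt in (("with deny", INTERNET_OUT), ("no deny", INTERNET_OUT_NO_DENY)):
        for pkt in packets:
            print(f"{name:10} {pkt} -> {decide(flt, *pkt)}")
```

Two things the simulation makes visible that are easy to miss when reading the filter: a spoofed source such as 10.9.8.7 is only dropped when the trailing deny is present, and, as written, the three permit lines cover only tcp, udp and icmp, so any other protocol sourced from your own block also hits the deny.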

