Network Security: Detailed info on Re: CAN-2004-1137

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: CAN-2004-1137

from [Blizbor] Network Security

[Permanent Link]

Subject:	Re: CAN-2004-1137
Date:	Wed, 05 Jan 2005 18:40:25 +0100

Hi,

Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my machine

from remote attacks ?.

Theoretically - yes. But practically - no. Why ? Main idea is: do not allow any explictly necessary traffic. In my opinion as necessary you can count protocols tcp, udp and icmp. Other upon request or after detecting that somebody is trying to use them. Especially AH and ESP. "All other" protocols are used very rare and mainy by the network infrastructure. Conclusion is: why allow "all other" traffic if all infrastructure is yours and you know that none of the other protocols are in use ? So my answer is - no, because you are closing one hole after their exploitation. All other holes are still widely opened. This cant be called "*wall" ;).

Regards,
Blizbor

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: CAN-2004-1137, Ray Anthony RE: CAN-2004-1137, hilton de meillon Re: CAN-2004-1137, Blizbor <= RE: CAN-2004-1137, hilton de meillon Re: CAN-2004-1137, Kyle Wheeler Re: CAN-2004-1137, Zow Re: CAN-2004-1137, Foundation Linux RE: CAN-2004-1137, hilton de meillon Re: CAN-2004-1137, Foundation Linux

Previous by Date:	ipv6, again, R Dicaire
Next by Date:	*[Full-Disclosure] Re: nix data wipe tools*, Pavel Machek*
Previous by Thread:	RE: CAN-2004-1137, hilton de meillon
Next by Thread:	RE: CAN-2004-1137, hilton de meillon
Indexes:	[Date] [Thread] [Top] [All Lists]