Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SSH hanging

from [Robert Hajime Lanning] Network Security [Permanent Link]
Subject: Re: SSH hanging
Date: Tue, 21 Sep 2004 11:03:09 -0700 
You can try traceroute with a large packet size.

But, if you keep your MTU small, it will degrade your performance for
all other connections.

Just use this:
iptables --table filter -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables --table filter -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables --table filter -A INPUT -p icmp --icmp-type
destination-unreachable -j ACCEPT
iptables --table filter -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables --table filter -A INPUT -p icmp --icmp-type
ttl-zero-during-transit -j ACCEPT

The only real optional ones are echo-request and echo-reply.  All the
rest is required for
proper TCP/UDP controls/responses.

On Mon, 20 Sep 2004 06:22:18 -0700 (PDT), Johnson Jeba Asir
<squidjohnson@yahoo.com> wrote:

Helo all,

          Sorry for the very late reply. After setting
the MTU to 1350, the connection was fine for a couple
of days. So far i'm allowing ICMP ports 0,8 alone.
Since this issue is very important, i've changed my
entier settup. Once the things are fine then, I'll
update my firewall with ICMP request handling and
revert it back. Now I need a way to find out which
link is having lesser MTU problem. Is there is any way
to find it out?

TIA
John


-- 
END OF LINE
       -MCP
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenSSH -- a way to block recurrent login failures?, Shawn Duffy
Next by Date:  Re: OpenSSH -- a way to block recurrent login failures?, Javier Sanchez
Previous by Thread:  Re: SSH hanging, Johnson Jeba Asir
Next by Thread:  RE: SSH hanging, Piszcz, Justin Michael
Indexes:  [Date] [Thread] [Top] [All Lists]