New Denial of Service Attack on Panix

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have to stand somewhat corrected.

>create a filter "internet.out"
>Contents:
>three lines for each net block you have:
>
>	permit 1.2.3.4/20 tcp
>	permit 1.2.3.4/20 udp
>	permit 1.2.3.4/20 icmp

The more appropriate format would be:
	permit 1.2.3.4/20 0.0.0.0/0 tcp
	permit 1.2.3.4/20 0.0.0.0/0 udp
	permit 1.2.3.4/20 0.0.0.0/0 icmp

You are *supposed* to use a src/dest netblock pair, though I have
set up and used w/o a dest address and it worked.

>final line to log (optional) MUST COME AFTER permit list for netblocks:
>	deny log

If you choose not to log, then you need a line:
	deny

Otherwise that which falls through isn't denied, obviously.

Doing router filters while fatigued is often a problematic process.
Try and work on them when you aren't so tired, unlike me when I
sent my first mail 8-)


-george william herbert
gherbert at crl.com

• Previous message (by thread): New Denial of Service Attack on Panix
• Next message (by thread): New Denial of Service Attack on Panix
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]