Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
RE: [suse-security] return-rst and codered
- From: Boris Lorenz <bolo@xxxxxxx>
- Date: Tue, 07 Aug 2001 12:51:24 +0200 (MEST)
- Message-id: <XFMail.010807125124.bolo@xxxxxxx>
Hi,
On 07-Aug-01 Togan Muftuoglu wrote:
> Hi,
>
> Thanks to Boris I have the return-rst for the blockage of the IP block.
> Can this be used to lower the tcpspam caused by CodeRED since I am _not_
> _running_ a publicly available http server and thought of applying this
> concept to the port 80 requests
of course you could. If you do not run a public web server you just have to
block access from the entire outside world (read: connections which are flowing
in on the "world device" of your firewall/webserver), thus eliminating any way
for an attacker to flood your httpd log files with requests for default.ida's.
return-rst would then lower the impact of such attacks on your bandwith if used
together with the block of port 80.
However, make sure you insert some ipchains input-accept lines for your
internal network before blocking the outside world if you want your internal
clients to be able to use our internal web server.
> --
> Togan Muftuoglu
---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
On 07-Aug-01 Togan Muftuoglu wrote:
> Hi,
>
> Thanks to Boris I have the return-rst for the blockage of the IP block.
> Can this be used to lower the tcpspam caused by CodeRED since I am _not_
> _running_ a publicly available http server and thought of applying this
> concept to the port 80 requests
of course you could. If you do not run a public web server you just have to
block access from the entire outside world (read: connections which are flowing
in on the "world device" of your firewall/webserver), thus eliminating any way
for an attacker to flood your httpd log files with requests for default.ida's.
return-rst would then lower the impact of such attacks on your bandwith if used
together with the block of port 80.
However, make sure you insert some ipchains input-accept lines for your
internal network before blocking the outside world if you want your internal
clients to be able to use our internal web server.
> --
> Togan Muftuoglu
---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
| < Previous | Next > |