[TriLUG] IPTables: Automated firewall hardening

Jon Carnes jonc at nc.rr.com
Mon Sep 2 22:00:20 EDT 2002


On Mon, 2002-09-02 at 21:29, Thunder Bear wrote:
> Keep in mind, dynamic filter rules are frowned upon by many security
> specialists because they could theoretically be used against you to
> initiate a denial of service attack, hitting your firewall from spoofed
> IP addresses and gradually closing you off from the Internet using your
> own systems against you.
> 
Yes, a good point. He actually mentions this in the article. I agree.
Fortunately I had the foresight to modify my Cisco router so that it
dropped any incoming packets that spoofed my internal (and external)
network.
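
The lockout risk raised in the quoted message, and the spoofed-source filtering described in the reply, can both be enforced in the logic that decides which sources get a dynamic rule. This is an added example, not part of the original post or the article it mentions; the networks, protected peers, cap and TTL are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): private and documentation ranges.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "203.0.113.0/28")]
# Peers we must never cut off (e.g. upstream DNS, gateway); hypothetical addresses.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("198.51.100.53/32", "198.51.100.1/32")]
MAX_BLOCKS = 3     # hard cap so a flood of spoofed sources cannot fill the table
BLOCK_TTL = 3600   # seconds until a dynamic block is lifted again


class DynamicBlocklist:
    """Decides whether a flagged source address may get a dynamic DROP rule."""

    def __init__(self):
        self.active = {}  # ip string -> expiry timestamp

    def expire(self, now):
        """Forget expired blocks; return the iptables commands that remove them."""
        gone = [ip for ip, exp in self.active.items() if exp <= now]
        for ip in gone:
            del self.active[ip]
        return [f"iptables -D INPUT -s {ip} -j DROP" for ip in gone]

    def consider(self, src, now):
        """Return (decision, iptables command or None) for a flagged source."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return ("reject-malformed", None)
        if any(addr in net for net in OWN_NETWORKS):
            # Traffic arriving from outside with one of our own addresses is
            # spoofed; it belongs to the edge anti-spoof filter, not this list.
            return ("spoofed-own-network", None)
        if any(addr in net for net in NEVER_BLOCK):
            return ("protected-peer", None)
        if str(addr) in self.active:
            return ("already-blocked", None)
        if len(self.active) >= MAX_BLOCKS:
            return ("cap-reached", None)  # alert an operator instead of blocking
        self.active[str(addr)] = now + BLOCK_TTL
        return ("blocked", f"iptables -I INPUT -s {addr} -j DROP")
```

The commands are returned as strings for review or logging; nothing here touches the running rule set.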




