[TriLUG] Was Return of BZFlag - Now ICMP

Jon Carnes jonc at nc.rr.com
Thu Jun 9 22:23:40 EDT 2005


Nice!

I was going to suggest "tc" but this is really cool. I wasn't aware that
IPtables had a rate-limiting module. I'm going to play with this a lot
this weekend.

Jon

On Thu, 2005-06-09 at 12:37, Jason Tower wrote:
> http://www.penguinsecurity.net/pensec/modules.php?name=News&file=article&sid=171
> 
> several icmp examples are in the text
> 
> jason
> 
> > Anyone know if there is a Linux equivalent of Cisco CAR to control ICMP
> > abuses?
> > I used to prohibit ICMP at my network edge until I discovered the
> > virtues of CAR, allowing enough traffic for helpful testing but shutting
> > down sources who send too much too often.
> >
> > Here is an example of how to use CAR on a Cisco router to control ICMP:
> > interface xy
> >  rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
> > access-list 2020 permit icmp any any echo-reply
> >
> > If someone could point out how to achieve this kind of thing in IP
> > tables or using some other fancy package I'd be most grateful.
> >
> > Tanner Lovelace wrote:
> >
> >>On 6/7/05, Ben Pitzer <bpitzer at gmail.com> wrote:
> >>
> >>
> >>>Yeah, how about finding out if the SC has (wisely) turned off ICMP
> >>>echo on the server?
> >>>
> >>>-Ben
> >>>
> >>>
> >>
> >>I've gone back and forth on this having done it one way or the
> >>other for several years now and I'm not actually convinced
> >>it buys you that much more security.  Yes, I know you can
> >>tunnel a shell through ICMP, but by turning it off you lose
> >>what can be a valuable debugging tool.  So, I guess it
> >>just boils down to what you're willing to trade off.
> >>
> >>Cheers,
> >>Tanner
> >>
> >>
> 
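
An added example, not part of any message in this thread: a shell function that prints an iptables-restore ruleset using the rate-limiting matches discussed above (`limit` for a global budget, `hashlimit` for a per-source budget) to get the "transmit what conforms, drop what exceeds" behaviour of the CAR configuration. The iptables matches count packets, whereas the CAR line is specified in bits per second. The chain name `ICMP_LIMIT`, the hashlimit name `icmp_echo`, the function names and the default rates are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset that
# accepts ICMP echo-request within a budget and drops the excess.
# Chain name, hashlimit name and default rates are assumptions for illustration.

# valid VALUE ERE: allow only [0-9a-z/] (no spaces or newlines), then match ERE.
valid() {
    case $1 in ''|*[!0-9a-z/]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "$2"
}

# icmp_ratelimit_rules [SRC_RATE SRC_BURST ALL_RATE ALL_BURST]
icmp_ratelimit_rules() {
    src_rate=${1:-5/second};  src_burst=${2:-10}
    all_rate=${3:-50/second}; all_burst=${4:-100}
    rate_re='^[1-9][0-9]*/(second|minute|hour|day)$'
    num_re='^[1-9][0-9]*$'
    # Values are interpolated into rules, so refuse anything malformed.
    valid "$src_rate" "$rate_re" && valid "$all_rate" "$rate_re" &&
        valid "$src_burst" "$num_re" && valid "$all_burst" "$num_re" || {
        echo "usage: rate is N/second|minute|hour|day, burst is a positive integer" >&2
        return 1
    }
    cat <<EOF
*filter
:ICMP_LIMIT - [0:0]
-A INPUT -p icmp --icmp-type echo-request -j ICMP_LIMIT
# Per source address: drop whatever exceeds this sender's own budget.
-A ICMP_LIMIT -m hashlimit --hashlimit-name icmp_echo --hashlimit-mode srcip --hashlimit-above $src_rate --hashlimit-burst $src_burst -j DROP
# All sources together: accept while the global budget lasts.
-A ICMP_LIMIT -m limit --limit $all_rate --limit-burst $all_burst -j ACCEPT
# Everything beyond the global budget is dropped.
-A ICMP_LIMIT -j DROP
COMMIT
EOF
}

# Run stand-alone: print the ruleset for the given (or default) limits.
icmp_ratelimit_rules "$@"
```

Review the output, then load it as root with `iptables-restore --noflush`; the jump is appended to INPUT, so it only takes effect if no earlier rule already accepts ICMP.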



