I see no point in denying ICMP requests, it'll just be harder to
diagnose issues with customers etc,

do you think attackers/bot are going to ping first before doing port scans?

off topic, why does every one thing its good to deny ICMP, its not just
used for pings!

Alasdair



Nick Jennings wrote:
> Thanks Chris and Tim,
>
> I will look into a way of adding IPs to /etc/hosts.deny to at least
> lock out hosts which have attacked.
>
> I was also curious about the effectiveness of disabling ICMP requests,
> and also using the firewall to block port scanning. I'm wondering if
> this is worth doing (is it really *that* effective in deterring
> attacks?) and if there are any downsides to this?
>
> Thanks,
> Nick
>
>
> On Wed, 2008-01-30 at 10:37 -0600, Chris Adams wrote:
>  
>> Once upon a time, Nick Jennings <nick@(protected):
>>  
>>> Thanks for your response. I should have mentioned that this server is
>>> meant to be a hosting server for both web and mail, and there is no way
>>> to effectively restrict based on trusted clients.
>>>
>>> Is there anything else perhaps more general for if not preventing, then
>>> deterring and slowing down this kind of attack?
>>>    
>> Basically, if you plug a server into the Internet, it _will_ be
>> attacked. POP, IMAP, SMTP, SSH, FTP, and more will be probed, looking
>> for valid usernames/passwords (so always enforce password security on
>> your users).
>>
>> I know denyhosts (in EPEL) can watch the SSH log and add bad IPs to
>> /etc/hosts.deny, but I don't know if it can parse dovecot log entries as
>> well.
>>
>>  
>
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@(protected)
> https://www.redhat.com/mailman/listinfo/rhelv5-list
>  


--
Alasdair Gow
Lumison
t: 0845 1199 900
d: 0131 514 4042

PS. Do you know that we have opened a new datacentre in Croydon? Click https://www.lumison.net/services/pdfs/colo_croydon.pdf or give us a call 0845 119 2030 if you want to know more.


--

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Lumison, nplusone or lightershade ltd.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Lumison, nplusone and lightershade ltd accepts no
liability for any damage caused by any virus transmitted by this email.

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list