[Freeswitch-users] ICMP... and MTU
Tristan Mahé
t.mahe at b-and-c.net
Thu Feb 20 01:10:48 MSK 2014
ICMP redirect is to block carefully, I encountered a bunch of routers
who used it extensively in HA configurations...
for these, check the source to be your gateway ( arp sticked to be safe,
with an admin mac set on the router iface to be sure it won't change in
case of failover ) and you're good to go !
Le 19/02/2014 20:24, Cesar Bermudez a écrit :
> Thx for your time and answers !!!!
>
>
> On Wed, Feb 19, 2014 at 10:39 AM, Claus Andersen <clan at wheel.dk
> <mailto:clan at wheel.dk>> wrote:
>
> On Wed, 19 Feb 2014, Claus Andersen wrote:
>
> > On Wed, 19 Feb 2014, Cesar Bermudez wrote:
> >
> >> Sorry to ask, but ..
> >
> > There are no stupid questions - only stupid answers.
>
> ...and the pain of reading you own answer...
>
> I forgot to add the actual advice. If you would like to avoid
> breaking as
> much as possible but block the obvious dangerous stuff then you should
> block for ICMP redirect (type 5). That can be used for re-routing and
> should then actively be avoided.
> The rest is fairly benign. Personally I rarely block for ICMP echo. Ping
> is a very nice diagnostic tool. Some will argue that it can be used to
> find a attack vector (that is: confirm something is there). But
> mostly you
> are actively provding services from your host so that vector is easily
> found anyway. But as long as you understand the implications it is OK to
> block (or not).
>
> Kind Regards,
> Claus Andersen
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140219/28d7b7e4/attachment.bin
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list