
RE: [cobalt-security] Scan detection



Paul Jacobs wrote:

> If network admins would set up their network right this could
> not happen!
> A simple command in your Cisco-powered router config can stop
> forged addresses from getting to your box. That command would
> be "ip verify unicast reverse-path" (no quotes).

Congratulations.

It can, however, still happen if the packets are not spoofed.

Plus, reverse-path verification is a great CPU hog; better to configure your router not to accept bogon networks and to ensure it only passes IP in the right direction. Still, this is a Cobalt list, we ain't here to discuss Cisco router IP setups.

Everyone note though that the "can be vulnerable to DoS attacks" comment still stands if you do have your router configured properly. It's the logging, and the blocking, which causes the problems. Like I said, keep your services as secure as possible and everyone's happy.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC
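For readers who do want to see the two approaches side by side, the following Cisco IOS fragment is an added example and not part of the original thread or anyone's posted configuration. It assumes a router whose customer-facing interface is FastEthernet0/0, numbered from the RFC 5737 documentation prefix 192.0.2.0/24 standing in for "your" address block, and whose upstream link is FastEthernet0/1; the interface names and prefixes are assumptions, not anything from the list.

```cisco
! Added example (not from the thread). Interface names and the
! 192.0.2.0/24 prefix are assumptions; substitute your own.
!
! Option 1 - what Paul suggested: strict unicast RPF on the customer
! interface. A packet is dropped unless the route back to its source
! address points out the interface it arrived on. Requires CEF and
! costs an extra FIB lookup per packet, which is the CPU cost Graeme
! objects to.
ip cef
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip verify unicast reverse-path
!
! Option 2 - what Graeme prefers: static ACLs, no per-packet route
! lookup. Inbound from the customer side, only the customer's own
! prefix may appear as a source ("only passes IP in the right
! direction"). No "log" keyword on the deny: logging on the drop path
! is exactly the load he warns about.
ip access-list extended FROM-CUSTOMER
 remark egress anti-spoofing: only our own prefix leaves here
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any
!
! Inbound from upstream, drop bogon sources and our own prefix (which
! can never legitimately arrive from outside) before anything else.
ip access-list extended FROM-UPSTREAM
 remark bogon and impossible sources
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 224.0.0.0 31.255.255.255 any
 remark our own block must never be a source from the outside
 deny   ip 192.0.2.0 0.0.0.255 any
 permit ip any any
!
interface FastEthernet0/0
 ip access-group FROM-CUSTOMER in
interface FastEthernet0/1
 ip access-group FROM-UPSTREAM in
```

The two options are alternatives for the customer interface; pick one rather than stacking both. Note that neither helps with the case Graeme raises: a packet whose source address is genuine passes uRPF, passes FROM-UPSTREAM, and reaches the Cobalt box, so the scan detection and blocking on the box itself still have to cope with it.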