[tech] whats happened

Bernard Blackham bernard at blackham.com.au
Fri Nov 21 14:04:45 WST 2003


On Fri, Nov 21, 2003 at 12:41:46PM +0800, Paul Marinceu wrote:
> How about some logging rules...may come in handy

In my experience firewall logs on busy machines become *very* noisy.
Though, what do people think should be usefully logged? Broadcast
traffic can probably be silently dropped (generally the biggest
offender of noisy logs).

> 	- rp_filter and other various things in /proc/sys/net/ipv4/

rp_filter is on by default. Most of the other settings have sensible
defaults - turning things on breaks random and obscure IP stacks.

> 	- syn_cookies (useful??)

Could be. Kernels weren't compiled with syn cookie support, but I
can redo them with it on the weekend.

> 	- other...

Mmmm, vagueness :)

I think they're relatively secure against being rooted by exploits
for the moment (i.e., until the next security update comes along).
They should all be pretty safe from undiscovered buffer-overflow
exploits too.

Bernard.

-- 
 Bernard Blackham 
 bernard at blackham dot com dot au
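A concrete form of the logging rules and sysctl settings being discussed above, as an added example that is not part of the original message or of any scripts its author ran. It assumes a Linux box with iptables (the addrtype, state, limit and LOG extensions) and sysctl; the interface name eth0 and the script name fwlog.sh are assumptions. IPT and SYSCTL default to echoing the commands so the rule set can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example, not from the original thread. IPT and SYSCTL default to
# "echo ..." so the rules can be reviewed dry-run; run as root with
#   IPT=iptables SYSCTL=sysctl ./fwlog.sh --apply
# to actually install them.
IPT=${IPT:-"echo iptables"}
SYSCTL=${SYSCTL:-"echo sysctl"}
WAN_IF=${WAN_IF:-eth0}        # assumed external interface name

# Broadcast and multicast are the biggest source of log noise on a busy
# segment; drop them silently rather than logging them.
drop_broadcast_silently() {
    $IPT -A INPUT -i "$WAN_IF" -m addrtype --dst-type BROADCAST -j DROP
    $IPT -A INPUT -i "$WAN_IF" -m addrtype --dst-type MULTICAST -j DROP
}

# Everything else that is refused goes through a LOGDROP chain whose LOG
# rule is rate-limited, so a flood of unwanted packets cannot fill the disk
# or drown out the entries that matter.
log_then_drop() {
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-prefix "fw-drop: " --log-level 4
    $IPT -A LOGDROP -j DROP
    # New inbound connection attempts on the external interface that no
    # earlier ACCEPT rule matched end up here (state match, as in 2003-era
    # rule sets; newer kernels also accept -m conntrack --ctstate NEW).
    $IPT -A INPUT -i "$WAN_IF" -m state --state NEW -j LOGDROP
}

# The /proc/sys/net/ipv4 settings mentioned in the thread, as a sysctl.conf
# fragment. rp_filter is already on by default on most distributions;
# tcp_syncookies only exists when the kernel was built with SYN cookie support.
sysctl_fragment() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
EOF
}

# Returns 0 when the running kernel exposes the SYN cookie knob at all.
kernel_has_syncookies() {
    [ -e /proc/sys/net/ipv4/tcp_syncookies ]
}

apply_all() {
    drop_broadcast_silently
    log_then_drop
    if kernel_has_syncookies; then
        sysctl_fragment | sed 's/ = /=/' | while read -r kv; do
            $SYSCTL -w "$kv"
        done
    else
        echo "kernel lacks tcp_syncookies; rebuild with CONFIG_SYN_COOKIES" >&2
    fi
}

case "${1:-}" in
    --apply) apply_all ;;
esac
```

The point of the LOGDROP chain is that the limit match sits in front of the LOG target, not the DROP: packets beyond the rate are still dropped, they just stop generating log lines, which is what keeps a busy machine's logs readable.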