[tech] whats happened
bernard at blackham.com.au
Fri Nov 21 14:04:45 WST 2003
On Fri, Nov 21, 2003 at 12:41:46PM +0800, Paul Marinceu wrote:
> How about some logging rules...may come in handy

In my experience firewall logs on busy machines become *very* noisy.
Though, what do people think should be usefully logged? Broadcast
traffic can probably be silently dropped (generally the biggest
offender of noisy logs).

> - rp_filter and other various things in /proc/sys/net/ipv4/

rp_filter is on by default. Most of the other settings have sensible
defaults - turning things on breaks random and obscure IP stacks.

> - syn_cookies (useful??)

Could be. Kernels weren't compiled with syn cookie support, but I
can redo them with it on the weekend.

> - other...

Mmmm, vagueness :)

I think they're relatively secure against being rooted by exploits
for the moment (i.e., until the next security update comes along).
They should all be pretty safe from undiscovered buffer-overflow
bernard at blackham dot com dot au
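
A way to check the two /proc/sys/net/ipv4 settings discussed in the message above, as an added example that is not part of the original post. The function names and the optional root-directory argument are assumptions of this example; the rp_filter rule used (the higher of conf/all and conf/<iface> applies) is the one documented for current kernels.

```shell
#!/bin/sh
# Added example: audit SYN cookie and rp_filter state under /proc/sys/net/ipv4.
# Each function takes an optional root directory (hypothetical parameter of
# this example) so it can be pointed at a copy of the tree instead of /proc.

# SYN cookies: "missing" means the sysctl file does not exist, i.e. the
# kernel was built without CONFIG_SYN_COOKIES; otherwise "on" or "off".
syncookies_state() {
    f="${1:-/proc/sys/net/ipv4}/tcp_syncookies"
    [ -r "$f" ] || { echo missing; return 0; }
    if [ "$(cat "$f")" -gt 0 ]; then echo on; else echo off; fi
}

# Effective rp_filter for one interface. Current kernels use the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter; unreadable files count as 0.
rp_filter_effective() {
    root="${1:-/proc/sys/net/ipv4}"; iface="$2"
    all=$(cat "$root/conf/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/conf/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print every interface whose effective rp_filter is 0 (no reverse-path check).
rp_filter_unprotected() {
    root="${1:-/proc/sys/net/ipv4}"
    for d in "$root"/conf/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        [ "$(rp_filter_effective "$root" "$iface")" -eq 0 ] && echo "$iface"
    done
    return 0
}

# Report for the live system.
echo "tcp_syncookies: $(syncookies_state)"
echo "interfaces without rp_filter: $(rp_filter_unprotected | tr '\n' ' ')"
```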