llbbl
03-28-2005, 12:58 PM
How to use Ingress to prevent DDoS attacks.
http://www.faqs.org/rfcs/rfc2267.html
How to prevent DDoS attacks
http://www.cisco.com/warp/public/707/newsflash.html
Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.
http://www.cert.org/advisories/CA-2002-03.html
Does this mean you have to add a firewall to filter this traffic?
I figured out how to disable SNMP. You have to look for the snmpd process. For me it was located here
/etc/rc.d/init.d/snmpd.
You have to do a couple of other things to stop it from loading automatically every time the machine boots.
Disabling it on a server is a good idea I think because you won't be connecting any devices that use that protocol to it.
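Added example, not part of the original post: a check that snmpd is both disabled at boot and no longer holding an SNMP UDP socket. It assumes a Red Hat-style SysV init system with `chkconfig` (consistent with the `/etc/rc.d/init.d/snmpd` path above) and the standard SNMP ports 161/udp and 162/udp; the sample command output is constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample output (not from the post), before and after disabling snmpd.
CHK_BEFORE='snmpd   0:off 1:off 2:on 3:on 4:on 5:on 6:off'
CHK_AFTER='snmpd   0:off 1:off 2:off 3:off 4:off 5:off 6:off'
NET_BEFORE='Proto Recv-Q Send-Q Local Address   Foreign Address   State
udp        0      0 0.0.0.0:161     0.0.0.0:*
udp        0      0 127.0.0.1:123   0.0.0.0:*'
NET_AFTER='Proto Recv-Q Send-Q Local Address   Foreign Address   State
udp        0      0 127.0.0.1:123   0.0.0.0:*'

# Read "chkconfig --list" text on stdin; print the runlevels where service $1 is on.
boot_runlevels() {
    awk -v svc="$1" '$1 == svc {
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") out = out (out == "" ? "" : " ") kv[1]
        }
        print out
    }'
}

# Read "netstat -lun" text on stdin; print local addresses bound to 161/udp or 162/udp.
snmp_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /:(161|162)$/ { print $4 }'
}

# $1 = chkconfig text, $2 = netstat text. Returns 0 only if SNMP is fully off.
audit_snmp() {
    levels=$(printf '%s\n' "$1" | boot_runlevels snmpd)
    socks=$(printf '%s\n' "$2" | snmp_listeners)
    status=0
    if [ -n "$levels" ]; then echo "snmpd starts at boot in runlevels: $levels"; status=1; fi
    if [ -n "$socks" ]; then echo "SNMP UDP socket still open: $socks"; status=1; fi
    return $status
}

# On a live host, feed the real commands instead of the samples:
#   audit_snmp "$(chkconfig --list snmpd)" "$(netstat -lun)"
# If it reports findings, stop the daemon and remove it from the boot sequence:
#   service snmpd stop
#   chkconfig snmpd off
if audit_snmp "$CHK_BEFORE" "$NET_BEFORE"; then echo "before: clean"; else echo "before: action needed"; fi
if audit_snmp "$CHK_AFTER" "$NET_AFTER"; then echo "after: clean"; else echo "after: action needed"; fi
```

Checking the listening socket as well as the boot configuration catches the case where the service was removed from startup but the running daemon was never stopped.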