archaic at indy.rr.com
Thu Feb 12 20:18:49 PST 2004
On Thu, Feb 12, 2004 at 11:00:31PM -0500, Robert Connolly wrote:
> I don't know much about iptables or how many protocols it filters, but
> a default deny policy would have to include arp, ipx, and misc
> protocols that can travel on a lan. I don't know if there is a way to
> block unknown protocols...
IPX is still IP, and to avoid arp cache attacks just ignore the
broadcast packets and hardcode you arp. It's a pain when switching
NIC's, but some feel it is worth it. There are so many levels we could
go with this. The problem is PEBKAC. Many just don't want to
inconvenience themselves that much.
Don't ever think you know what's right for the other person. He might
start thinking he knows what's right for you.
- Paul Williams, `Das Energi'
More information about the hlfs-dev