>The answers for all the 3 questions respectively would be as follows :
>
>1. You can have an access list where in you can specify to allow the
traffic
>from the proxy should be accepted.
>
>2. You can block all the ICMP ports
>
>3. You can also block the telnet ports
On point number 2, whilst blocking ICMP will stop anyone from pinging the
machine from outside your network, as far as I'm aware, there is very little
to stop someone with a big link from flooding the incoming link with ICMP
packets (eg. ping flooding).
These packets will be dropped because of the access list on the interface,
but they still have to be processed and more importantly, the link still
needs to carry them, hence chewing up bandwidth.
Someone feel free to correct me if I'm wrong.
Regards,
Rohan Wallace
Systems Specialist
Mayne Group IT
115 Sherriff St
Underdale, SA
Message Posted at:
http://www.groupstudy.com/form/read.php?f=1&i=9197&t=9193
--------------------------------------------------
Read http://www.groupstudy.com/list/guide.html before POSTING!
To change your subscription, read the directions on:
http://www.groupstudy.com/list/Associates.html
