[lug] using tcpdump to emulate effects of packet dump

Jeffrey Siegal jbs at quiotix.com
Thu Jul 17 20:09:59 MDT 2003


D. Stimits wrote:
> FYI, this machine has a Linux filtering bridge on it, stopping the 
> usual garbage that comes in below port 1024. It isn't acceptable to 
> ban port 1026 udp as this would break a lot of applications, including 
> (randomly) host lookups, as the lowest open udp port is often the 
> recipient of dns replies.

I'd run a local caching DNS server, and point your Windows machines at 
that.  Then block all incoming packets to your Windows boxes from the 
outside except non-SYN tcp packets.
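
The policy suggested in the reply above, modelled as a stateless check over raw IPv4 packets. This is an added example, not part of the original post; the addresses, ports and function names are constructed, and packets are assumed to be unfragmented IPv4. "Non-SYN" is read the way iptables' `--syn` match defines it (SYN set, ACK/RST/FIN clear), so SYN-ACK replies to outbound connections still pass.

```python
import struct

TCP, UDP = 6, 17
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def ipv4(proto, l4):
    """Constructed 20-byte IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10])) + l4

def tcp(flags, sport, dport):
    """Constructed 20-byte TCP header carrying the given flag bits."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def udp(sport, dport):
    """Constructed 8-byte UDP header with no payload."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

def inbound_verdict(pkt):
    """Verdict for a packet travelling outside -> Windows box."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    if pkt[9] != TCP:
        return "DROP"                  # UDP etc.: DNS goes via the local caching server
    if len(pkt) < ihl + 14:
        return "DROP"                  # too short to contain the TCP flags byte
    flags = pkt[ihl + 13]
    # Same test as iptables --syn (--tcp-flags SYN,RST,ACK,FIN SYN):
    # a connection-opening segment has SYN set and ACK/RST/FIN clear.
    if flags & (SYN | ACK | RST | FIN) == SYN:
        return "DROP"
    return "ACCEPT"

# Constructed sample traffic arriving from the outside.
SAMPLES = {
    "new connection to tcp/135":   ipv4(TCP, tcp(SYN, 31337, 135)),
    "SYN-ACK from a web server":   ipv4(TCP, tcp(SYN | ACK, 80, 40000)),
    "data on an open connection":  ipv4(TCP, tcp(ACK, 80, 40000)),
    "RST from a web server":       ipv4(TCP, tcp(RST, 80, 40000)),
    "unsolicited udp/1026":        ipv4(UDP, udp(4444, 1026)),
    "DNS reply sent to udp/1026":  ipv4(UDP, udp(53, 1026)),
}

def verdicts():
    return {name: inbound_verdict(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

The last sample shows why the caching server comes first: with this filter in place, a DNS reply sent directly to a Windows box is dropped along with the unwanted UDP traffic.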




