Security Basics mailing list archives

Re: PIX firewall and ICMP

From: Darrell Porter <dporter () cpp com>
Date: Wed, 24 Sep 2003 18:08:11 -0700

What are they using ICMP to troubleshoot?  

Allowing ICMP from any to any is ill-advised.  If ICMP is needed for
troubleshooting, allow ICMP from inside to any.  Or you may want to educate
your users on http://www.network-tools.com or http://www.traceroute.org

My 2 cents

Darrell

Darrell Porter
Director, Network Operations
CPP, Inc.
Davies-Black Publishing
http://www.cpp.com
800-624-1765 ext 153
650-969-8608 fax



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

PIX firewall and ICMP Cat Thrasher (Sep 24)
- Re: PIX firewall and ICMP Daniel Williams (Sep 24)
- Re: PIX firewall and ICMP gregh (Sep 26)
  - Re: PIX firewall and ICMP rogue (Sep 29)
- Re: PIX firewall and ICMP John Hollyoak (Sep 29)
- <Possible follow-ups>
- RE: PIX firewall and ICMP Tenorio, Leandro (Sep 24)
- RE: PIX firewall and ICMP Charlie Winckless (Sep 24)
- Re: PIX firewall and ICMP Darrell Porter (Sep 25)
- RE: PIX firewall and ICMP Maher Odeh (Sep 25)
- RE: PIX firewall and ICMP Steve Marin (Sep 26)
- Re: PIX firewall and ICMP Brian Ford (Sep 26)
- RE: PIX firewall and ICMP dave hartnell (Sep 29)
  - RE: PIX firewall and ICMP rogue (Sep 29)
- RE: PIX firewall and ICMP Cat Thrasher (Sep 29)