Security Basics mailing list archives
Re: Fw rule set question
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 01 Aug 2007 14:49:10 -0300
Ivan . wrote:
> there are useful ICMP types, depends on your network
> http://www.samag.com/documents/s=9365/sam0004i/0004i.htm
> http://www.cymru.com/Documents/icmp-messages.html
>
> cheers
> Ivan
>
> On 7/31/07, Juan B <juanbabi () yahoo com> wrote:
>> hi,
>> I am evaluating a Fw rule set. I see that source quench, icmp unreachable and time exceeded (all icmp) are allowed from the internet to the internal network. this is a cisco pix. is it a requirement that those rules will be opened? what happens if I disable them? is there a security risk here? I don't remember seeing those rules opened in any fw I saw..
>>
>> thanks a lot !
>> Juan

I see the point in allowing network troubleshooting traffic (ICMP, traceroute) from the upstream ISP, but not in allowing it from everywhere.

ANY answer received from a system will allow in enumeration, at least if the answer comes from the system itself and is not generated by a firewall in the middle.

Regards,
Miguel
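
An added example, not part of the original thread: one way to audit a PIX-style rule set for the pattern discussed above, listing every ICMP permit whose source is wider than the trusted upstream. The ACL name, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed PIX-style rule set (not from the thread). 192.0.2.1 stands in for
# the upstream ISP router and 198.51.100.0/24 for the internal network.
SAMPLE_ACL = """\
access-list outside_in permit icmp any 198.51.100.0 255.255.255.0 source-quench
access-list outside_in permit icmp any 198.51.100.0 255.255.255.0 unreachable
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit icmp host 192.0.2.1 198.51.100.0 255.255.255.0 echo-reply
access-list outside_in permit tcp any host 198.51.100.10 eq 25
access-list outside_in deny icmp any any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'. Returns (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def audit_icmp(acl_text, trusted_sources):
    """Return (line_no, source, icmp_type) for each ICMP permit whose source
    is not contained in one of the trusted networks."""
    trusted = [ipaddress.ip_network(t) for t in trusted_sources]
    findings = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        tok = line.split()
        # Only 'access-list NAME permit icmp ...' lines are of interest here.
        if len(tok) < 5 or tok[0] != "access-list" or tok[2:4] != ["permit", "icmp"]:
            continue
        src, rest = take_addr(tok[4:])
        _dst, rest = take_addr(rest)
        icmp_type = rest[0] if rest else "all"  # no type keyword means every ICMP type
        if not any(src.subnet_of(t) for t in trusted):
            findings.append((no, str(src), icmp_type))
    return findings

if __name__ == "__main__":
    for no, src, icmp_type in audit_icmp(SAMPLE_ACL, ["192.0.2.1/32"]):
        print(f"line {no}: icmp {icmp_type} permitted from {src}")
```
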