Educause Security Discussion mailing list archives

Re: ICMP blocking


From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Thu, 7 Dec 2006 10:12:17 -0800

Russell mentioned:

#Diagnostics work to machines that are visible on the 'Net but you can't
#easily enumerate stuff behind the firewall.
#
#One unintended consequence of the firewall is that UDP traceroutes are
#blocked unless the address has a UDP port open and you select that
#port to traceroute on.

If the concern is network reconnaissance, things like tcptraceroute
(see http://michael.toren.net/code/tcptraceroute/ ) should also be
kept in mind, or host enumeration via passive approaches that may
also yield at least a partial roster (e.g., consider a DNS-based
passive approach).

Regards,

Joe
