Firewall Wizards mailing list archives
Re: ICMP Packets.
From: Bennett Todd <bet () rahul net>
Date: Fri, 5 Jun 1998 10:09:23 -0700
Thanks Ge' Weijers for inspiring me to actually start working on this:-). Borrowing your excellent table format, what happens --- what, if anything, would I break --- if I restricted ICMP to Type Description rule ------------------------------------------------------ 3 destination unreachable allow both [1] * anything else block [1] I don't want to have to wait for a timeout if I try to connect to a site who isn't there so I want to allow in; and if someone forges one of my IP addresses as the source of a SYN attack, I want the victim to be able to get a quick notification that no, it wasn't me tried to set up that connection. The ``Fragmentation Needed and Don't Fragment was Set'' packet discussed re path MTU discovery is also a sub-type of this one (code 4). I started with RFC 1700, but it looks like newer and mode detailed info is in <URL:ftp://ftp.isi.edu/in-notes/iana/assignments/icmp-parameters>. -Bennett
Current thread:
- Re: ICMP Packets., (continued)
- Re: ICMP Packets. Don Kendrick (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. matthew green (Jun 04)
- Re: ICMP Packets. Bennett Todd (Jun 04)
- Re: ICMP Packets. Darren Reed (Jun 05)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Darren Reed (Jun 07)
- Re: ICMP Packets. blast (Jun 08)
- Re: ICMP Packets. Aleph One (Jun 09)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Don Kendrick (Jun 02)
- Re: ICMP Packets. Ge' Weijers (Jun 05)
- Re: ICMP Packets. Bennett Todd (Jun 05)
- Re: ICMP Packets. tqbf (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets.uy tqbf (Jun 07)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 07)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Aleph One (Jun 12)