Firewall Wizards mailing list archives

Re: ICMP Packets.


From: Bennett Todd <bet () rahul net>
Date: Fri, 5 Jun 1998 10:09:23 -0700

Thanks Ge' Weijers for inspiring me to actually start working on
this:-). Borrowing your excellent table format, what happens --- what,
if anything, would I break --- if I restricted ICMP to

Type    Description                     rule
------------------------------------------------------
  3     destination unreachable         allow both [1]
  *     anything else                   block

[1] I don't want to have to wait for a timeout if I try to connect to a
    site that isn't there, so I want to allow these in; and if someone forges
    one of my IP addresses as the source of a SYN attack, I want the
    victim to be able to get a quick notification that no, it wasn't me
    that tried to set up that connection. The ``Fragmentation Needed and
    Don't Fragment was Set'' packet discussed re path MTU discovery is
    also a sub-type of this one (code 4).

I started with RFC 1700, but it looks like newer and more detailed info
is in <URL:ftp://ftp.isi.edu/in-notes/iana/assignments/icmp-parameters>.

-Bennett
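As an added illustration (my own code, not Bennett's and not something from this thread), the following Python applies exactly the rule table above to raw ICMP messages: it verifies the RFC 792 checksum, lets type 3 through with a log note decoding the code (including the next-hop MTU that code 4 carries in bytes 6-7 per RFC 1191), and drops everything else. The sample messages are constructed inline rather than captured; the corrupted copy shows that a message failing its checksum is dropped before its type field is ever consulted.

```python
import struct

# Rule table from the post: ICMP type 3 (destination unreachable) is
# allowed in both directions, every other type is blocked.
ICMP_DEST_UNREACHABLE = 3
FRAG_NEEDED_CODE = 4          # "Fragmentation Needed and DF was Set"

# Type 3 code meanings (RFC 792); used only to make the log note readable.
DEST_UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Assemble an ICMP message with a valid checksum (only used to build sample input)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(body)) + rest + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into type, code, the 4-byte type-specific field and payload."""
    if len(packet) < 8:
        raise ValueError("short ICMP header")
    if icmp_checksum(packet) != 0:          # a valid message sums to 0 with checksum included
        raise ValueError("bad checksum")
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    return {"type": icmp_type, "code": code, "rest": packet[4:8], "payload": packet[8:]}


def decide(packet: bytes) -> tuple:
    """Apply the rule table; returns ("allow" or "drop", reason for the log)."""
    try:
        hdr = parse_icmp(packet)
    except ValueError as exc:
        return ("drop", "malformed: %s" % exc)
    if hdr["type"] == ICMP_DEST_UNREACHABLE:
        reason = DEST_UNREACH_CODES.get(hdr["code"], "unknown code %d" % hdr["code"])
        if hdr["code"] == FRAG_NEEDED_CODE:
            # RFC 1191: bytes 6-7 of the header carry the next-hop MTU
            mtu = struct.unpack("!H", hdr["rest"][2:4])[0]
            reason += ", next-hop MTU %d" % mtu
        return ("allow", reason)
    return ("drop", "type %d not in allow table" % hdr["type"])


# Constructed sample messages (not captured traffic). A type 3 payload is the
# offending packet's IP header plus 8 bytes; a 28-byte stand-in is used here.
ORIG_HEADER = b"\x45" + b"\x00" * 27
FRAG_NEEDED = build_icmp(3, 4, rest=struct.pack("!HH", 0, 1400), payload=ORIG_HEADER)
PORT_UNREACH = build_icmp(3, 3, payload=ORIG_HEADER)
ECHO_REQUEST = build_icmp(8, 0, rest=struct.pack("!HH", 0x1234, 1), payload=b"abcdefgh")
TIME_EXCEEDED = build_icmp(11, 0, payload=ORIG_HEADER)
_t = bytearray(ECHO_REQUEST)
_t[8] ^= 0xFF                               # flip one payload byte: checksum no longer matches
TAMPERED = bytes(_t)

if __name__ == "__main__":
    for name, pkt in [("frag needed", FRAG_NEEDED), ("port unreach", PORT_UNREACH),
                      ("echo request", ECHO_REQUEST), ("time exceeded", TIME_EXCEEDED),
                      ("tampered", TAMPERED)]:
        print("%-14s %s" % (name, decide(pkt)))
```

Note that the filter never matches on the checksum-free type byte alone: the header is validated first, so a truncated or corrupted message cannot be slipped through by carrying a 3 in its first byte.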
