Firewall Wizards mailing list archives
Re: ICMP Packets.uy
From: tqbf () pobox com
Date: Sat, 6 Jun 1998 03:29:25 -0500 (CDT)
Inbound Allow:
- echo (type 8/code 0)
- parameter-problem (12/[0|1])
- source-quench (4/0)
- ttl-exceeded (11/[0|1])
Deny all other inbound ICMP.
I don't understand this at all. You're allowing ECHO and, presumably, outbound TTL-EXCEEDED messages, which are the most obvious avenues for information gathering attacks, but not allowing arbitrary unreachable messages (thus breaking path MTU). Additionally, why are you allowing parameter-problem messages? Are you allowing your filter to pass packets with IP options? Why?

-----------------------------------------------------------------------------
Thomas H. Ptacek The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
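Added example, not part of the original message or of either poster's configuration: the quoted inbound ruleset evaluated as a default-deny table against a constructed set of ICMP messages, flagging the points the reply raises. The function names and the sample list are assumptions made for illustration; type/code numbers follow RFC 792 and RFC 1191.

```python
# Added illustration. The allow table is transcribed from the quoted ruleset;
# everything else (names, sample list) is constructed for this example.

# Quoted inbound allow list: ICMP type -> set of permitted codes.
INBOUND_ALLOW = {
    8: {0},      # echo
    12: {0, 1},  # parameter-problem
    4: {0},      # source-quench
    11: {0, 1},  # ttl-exceeded
}

# Constructed sample of inbound ICMP messages a border filter might see.
SAMPLES = [
    ("echo request", 8, 0),
    ("echo reply", 0, 0),
    ("net unreachable", 3, 0),
    ("host unreachable", 3, 1),
    ("port unreachable", 3, 3),
    ("fragmentation needed, DF set", 3, 4),
    ("source quench", 4, 0),
    ("ttl exceeded in transit", 11, 0),
    ("parameter problem", 12, 0),
]

def inbound_verdict(icmp_type, icmp_code):
    """Return 'allow' or 'deny' under the quoted ruleset (default deny)."""
    allowed = icmp_code in INBOUND_ALLOW.get(icmp_type, set())
    return "allow" if allowed else "deny"

def audit(samples=SAMPLES):
    """Evaluate each sample and attach the concern raised in the reply, if any."""
    findings = []
    for name, t, c in samples:
        verdict = inbound_verdict(t, c)
        note = ""
        if (t, c) == (3, 4) and verdict == "deny":
            note = "path MTU discovery (RFC 1191) depends on this message"
        elif t == 8 and verdict == "allow":
            note = "reply names ECHO as an information-gathering avenue"
        elif t == 12 and verdict == "allow":
            note = "reply asks whether packets with IP options are passed"
        findings.append((name, t, c, verdict, note))
    return findings

if __name__ == "__main__":
    for name, t, c, verdict, note in audit():
        print(f"{t:>2}/{c}  {verdict:<5}  {name}" + (f"  <- {note}" if note else ""))
```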