Firewall Wizards mailing list archives

Re: ICMP blocking on PIX .4.4.1

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 20 Apr 2000 20:29:40 -0400 (EDT)



look at the tcp version of traceroute, and perhaps seekout hping2.

though you are going to want to restrict access to those tools...

Thanks,

Ron DuFresne

On Thu, 20 Apr 2000 phred () pacificwest com wrote:

Yesterday our site underwent a Smurf attack which we quickly stopped by blocking ICMP traffic through the firewall.  
I have a need to perform tracerouts from inside to the outside through the PIX firewall (v 4.4.1.)  Is there a way to 
allow ping and traceroute from inside to outside and still defend against smurf like attacks?

----------------------------------------------------------------
Get your free email from AltaVista at http://altavista.iname.com


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

Current thread:

ICMP blocking on PIX .4.4.1 phred (Apr 20)
- Re: ICMP blocking on PIX .4.4.1 R. DuFresne (Apr 21)
- Re: ICMP blocking on PIX .4.4.1 Bill Pennington (Apr 24)
  - Re: ICMP blocking on PIX .4.4.1 Adam Olson (Apr 26)
- Re: ICMP blocking on PIX .4.4.1 nawk (Apr 26)
  - Re: ICMP blocking on PIX .4.4.1 Jim Seymour (Apr 27)
    - Re: ICMP blocking on PIX .4.4.1 R. DuFresne (Apr 28)
    - ICMP blocking on PIX .4.4.1 majordomo (Apr 28)
- <Possible follow-ups>
- Re: ICMP blocking on PIX .4.4.1 Jeffery . Gieser (Apr 24)
- Re: ICMP blocking on PIX .4.4.1 Steven M. Bellovin (Apr 28)