Firewall Wizards mailing list archives
Re: ICMP blocking on PIX .4.4.1
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 20 Apr 2000 20:29:40 -0400 (EDT)
look at the tcp version of traceroute, and perhaps seekout hping2. though you are going to want to restrict access to those tools... Thanks, Ron DuFresne On Thu, 20 Apr 2000 phred () pacificwest com wrote:
Yesterday our site underwent a Smurf attack which we quickly stopped by blocking ICMP traffic through the firewall. I have a need to perform tracerouts from inside to the outside through the PIX firewall (v 4.4.1.) Is there a way to allow ping and traceroute from inside to outside and still defend against smurf like attacks? ---------------------------------------------------------------- Get your free email from AltaVista at http://altavista.iname.com
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- ICMP blocking on PIX .4.4.1 phred (Apr 20)
- Re: ICMP blocking on PIX .4.4.1 R. DuFresne (Apr 21)
- Re: ICMP blocking on PIX .4.4.1 Bill Pennington (Apr 24)
- Re: ICMP blocking on PIX .4.4.1 Adam Olson (Apr 26)
- Re: ICMP blocking on PIX .4.4.1 nawk (Apr 26)
- Re: ICMP blocking on PIX .4.4.1 Jim Seymour (Apr 27)
- Re: ICMP blocking on PIX .4.4.1 R. DuFresne (Apr 28)
- ICMP blocking on PIX .4.4.1 majordomo (Apr 28)
- Re: ICMP blocking on PIX .4.4.1 Jim Seymour (Apr 27)
- <Possible follow-ups>
- Re: ICMP blocking on PIX .4.4.1 Jeffery . Gieser (Apr 24)
- Re: ICMP blocking on PIX .4.4.1 Steven M. Bellovin (Apr 28)