Firewall Wizards mailing list archives
Re: Blocking scanning from outside
From: Joe Matusiewicz <joem () nist gov>
Date: Wed, 19 Jan 2000 09:29:36 -0500
If you're trying to ping the internal addresses and you have the default policy of "Accept ICMP", then the rules are allowing ICMP through the firewall.
-- Joe At 07:15 AM 1/18/00 -0800, James Wilson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have a FW-1 box set up at the perimeter with a rule that blocks any any from outside, but when I run a scan using WinSockPingProPack it appears to see individual addresses behind the firewall. It does not see any information on them such as ports open etc. but it does list the IP as there. Is there a special rule needed to make those invisible, or is private addressing the only way to block this (since they don't route from outside)? - - James D. Wilson, CCDA, MCP "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 Comment: I live for the sound ... of nothing but net iQA/AwUBOISDqSavYwibXjmcEQLFiACffJTqn59kuFtqzFz9Ik5p1/NH0swAoKXu urpBUQU/TfszioxUCuE9yagj =a8jQ -----END PGP SIGNATURE-----
Current thread:
- PC Anywhere: Allow, with NAT, under FW-1 Cannella, Michael (ISS Southfield) (Jan 15)
- Blocking scanning from outside James Wilson (Jan 18)
- Re: Blocking scanning from outside Chris Brenton (Jan 19)
- Re: Blocking scanning from outside Joe Matusiewicz (Jan 19)
- Blocking scanning from outside James Wilson (Jan 18)