Firewall Wizards mailing list archives
FW-:1 ICMP despite ANY EXTERNAL DROP
From: "Cannella, Michael (ISS Southfield)" <mcannell () iss net>
Date: Wed, 19 Jan 2000 09:33:59 -0500
From: James Wilson [mailto:netsurf () sersol com]
Sent: Tuesday, January 18, 2000 10:16 AM

We have a FW-1 box set up at the perimeter with a rule that blocks any any from outside, but when I run a scan using WinSockPingProPack it appears to see individual addresses behind the firewall. It does not see any information on them such as ports open etc. but it does list the IP as there. Is there a special rule needed to make those invisible, or is private addressing the only way to block this (since they don't route from outside)?

James D. Wilson, CCDA, MCP

FW-1 has "accept ICMP" enabled by default in its policy properties--you need to disable it. The reference on policy properties from Chris Brenton's posting yesterday is great:

See: http://www.geek-speak.net/fw1/fw1_properties.html

HTH,
Chris
--
**************************************
cbrenton () sover net

-----michael cannella mailto:mcannella () iss net
-----Internet Security Systems, eServices
-----http://www.iss.net/