Firewall Wizards mailing list archives
RE: ICMP / Ping
From: "Ofir Arkin" <ofir () itcon-ltd com>
Date: Thu, 31 Aug 2000 12:58:19 +0200
Opening ICMP Echo replies from the Internet to your entire network is not a wise thing to do. I would advice to open it on needed basis only. Some of the risks are outlined in my paper "ICMP Usage in Scanning". www.sys-security.com. Other risks might be DoS, Covert Channels using ICMP ECHO Replies and more. Ofir Arkin [ofir () itcon-ltd com] Senior Security Analyst ITcon, Israel. http://www.itcon-ltd.com Personal Web page: http://www.sys-security.com "Opinions expressed do not necessarily represent the views of my employer." -----Original Message----- From: firewall-wizards-admin () nfr net [mailto:firewall-wizards-admin () nfr net]On Behalf Of Chris Sent: Tuesday, August 29, 2000 7:54 PM To: firewall-wizards () nfr net Subject: [fw-wiz] ICMP / Ping On a Cisco Pix - how can I configure it that only the inside network clients can ping to the outside but no one on the outside can ping my network? The standard command for both ways is the conduit permit icmp any any I am not sure how to do it the way I need it? Is this recommended at all? Thanks everyone! Chris __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: ICMP / Ping Ofir Arkin (Sep 05)