Firewall Wizards mailing list archives
RE: Borderware Ping Server
From: Don Ng <sayhockng () yahoo com>
Date: Wed, 10 Oct 2001 03:10:01 -0700 (PDT)
Hi Peter, thanks for that. I only have experience with CyberGuard and some looks at some other firewalls. It seems that the way BorderWare is designed is very much different in how the user interacts with it. My confusion arose more from semantics, "Ping Proxy, allow users to ping a system through the firewall" would be the same as a packet filtering rule of the sort. <Permit> <ICMP/Request> <Internal IP> <External IP> <enable replies>. Domo Don Ng --- Peter Cox <peter () borderware com> wrote:
The BorderWare Ping server simply enables an ICMP Echo response when it is turned on. By default the BorderWare Firewall Server does not respond to Ping (or to any connection request), enabling the Ping server on one or more interfaces enables the Firewall to respond on those interfaces. What Marcus is describing is our Ping "proxy", which when enabled will permit a user to ping a system through the Firewall and, assuming that system is up, to get a response. The Ping proxy is available only for outbound use (i.e an internal user can ping an external system and not vice versa) and like all proxies and servers is disabled by default. The Firewall's integrated hardened operating system includes defences for ping of death and other denial of service attacks.
_______________________________________________________________
Peter Cox Phone: +44 20 8893 6066 Vice President Fax: +44 20 8574 8384 BorderWare Technologies Inc http://www.borderware.com -----Original Message----- From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com]On Behalf Of Marcus J. Ranum Sent: 09 October 2001 16:24 To: Don Ng; firewall-wizards () nfr com Subject: Re: [fw-wiz] Borderware Ping ServerSeems to be quite unique, is it a proxy server for ICMP echo request?I believe that what it did was set a bpf filter for icmp packets, which it then proxied to the outside world and re-injected on the internal network. Kind of an interesting concept; I wonder if it would have adequately protected against a ping of death attack... mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
__________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Borderware Ping Server, (continued)
- RE: Borderware Ping Server Ofir Arkin (Oct 17)
- RE: Borderware Ping Server Matthew Kirkwood (Oct 18)
- RE: Borderware Ping Server Marcus J. Ranum (Oct 18)
- RE: Borderware Ping Server Ofir Arkin (Oct 18)
- RE: Borderware Ping Server Marcus J. Ranum (Oct 20)
- RE: Borderware Ping Server Ofir Arkin (Oct 23)
- RE: Borderware Ping Server Matthew Kirkwood (Oct 23)
- RE: Borderware Ping Server Ofir Arkin (Oct 23)
- RE: Borderware Ping Server Ofir Arkin (Oct 17)
- Re: Borderware Ping Server Paul Zatychec (Oct 18)
- RE: Borderware Ping Server Don Ng (Oct 11)