Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICMP (was: daily internet traffic report)

From: Cedric Blancher <blancher () cartel-securite fr>
Date: Mon, 18 Oct 2004 08:14:05 +0200
Le lun 18/10/2004 à 00:35, James Edwards a écrit :

That is great till you want to run a server behind that firewall.


I don't see the reason why it would cause a problem, as firewall is able
to spot ICMP related to server's IP connections as well...


The bigger picture, to me, is you gain little in security by blocking
ICMP.


I agree there's a lot to do before bothering with ICMP errors filtering
:)


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: