Vulnerability Development mailing list archives
Re: ICMP and BlackICE (fwd)
From: James Robbins <robbins.7 () OSU EDU>
Date: Thu, 7 Sep 2000 14:24:24 -0400
At 10:15 AM 9/6/00, anon6774 () HUSHMAIL COM wrote:
> I thought I would share something I noticed about BlackICE, the popular home IDS/firewall product by NetworkICE - it cannot be configured to block ICMP. This is in contrast to TCP and UDP traffic that is governed by rules in the firewall.ini file. I contacted Network Ice on this and, several emails later - they seemed to have trouble grasping the thought I would want to deny a ping - I was told that I really wouldn't want to block any ICMP traffic and that a future release would allow it. Note - Configuring it to block a specific IP will block ICMP traffic as well.

Jed,

We just got bit by this a little while ago. You cannot block all ICMP traffic. Ping is only one type of service sent over ICMP. A list of the services supported by ICMP is:

- Echo Reply (Ping)
- Destination Unreachable
- Source Quench
- Redirect (change a route)
- Echo Request (Ping)
- Time Exceeded for a Datagram
- Parameter Problem on a Datagram
- Timestamp Request
- Timestamp Reply
- Information Request
- Information Reply
- Address Mask Request
- Address Mask Reply

Some of these you can block with no ill effect. Others will break a lot of stuff.

--
James A. Robbins
Senior Design Engineer, Network Engineer
The Ohio State University Chemistry Department