Vulnerability Development mailing list archives
Re: ICMP and BlackICE (fwd)
From: Brian M Brotschi <brian.brotschi () IBM NET>
Date: Thu, 7 Sep 2000 20:58:04 -0700
James et al.;

BlackICE Agent ver2.5 will have the capability that you are looking for. Expected release is Q4 2000. BlackICE Agent is part of the Enterprise ICEpac Suite.

Brian M Brotschi
Network ICE Corporation
Director of Security Engineers
brian.brotschi () networkice com
http://www.networkice.com
PGP FingerPrint: E1E1 8E6D 003C CD6C D068 D88D C633 5AEB 4EA6 8FE2
--------------------------------------------
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of James Robbins
Sent: Thursday, September 07, 2000 11:24 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: ICMP and BlackICE (fwd)

At 10:15 AM 9/6/00, anon6774 () HUSHMAIL COM wrote:
I thought I would share something I noticed about BlackICE, the popular home IDS/firewall product by NetworkICE - it cannot be configured to block ICMP. This is in contrast to TCP and UDP traffic that is governed by rules in the firewall.ini file. I contacted Network Ice on this and, several emails later - they seemed to have trouble grasping the thought I would want to deny a ping - I was told that I really wouldn't want to block any ICMP traffic and that a future release would allow it. Note - Configuring it to block a specific IP will block ICMP traffic as well.
jed,

We just got bit by this a little while ago. You cannot block all ICMP traffic. Ping is only one type of service sent over ICMP. A list of the services supported by ICMP are:

  Echo Reply (Ping)
  Destination Unreachable
  Source Quench
  Redirect (change a route)
  Echo Request (Ping)
  Time Exceeded for a Datagram
  Parameter Problem on a Datagram
  Timestamp Request
  Timestamp Reply
  Information Request
  Information Reply
  Address Mask Request
  Address Mask Reply

Some of these you can block with no ill effect. Others will break a lot of stuff.

--
James A. Robbins
Senior Design Engineer, Network Engineer
The Ohio State University
Chemistry Department
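Added example, not part of the original messages and not BlackICE code: a per-type inbound ICMP filter decision over the message types listed in the thread. The `ALLOW_INBOUND` policy, the function names and the sample packets are assumptions constructed for illustration; the policy keeps the error messages that path MTU discovery and traceroute depend on and drops the rest.

```python
import struct

# ICMP type numbers (RFC 792, RFC 950) for the messages listed in the post.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
    12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
    15: "Information Request", 16: "Information Reply",
    17: "Address Mask Request", 18: "Address Mask Reply",
}

# Assumed host policy (not from the thread): accept replies to our own pings
# and the error messages TCP/IP relies on; drop everything else inbound.
ALLOW_INBOUND = {0, 3, 11, 12}

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message with a valid checksum (test input only)."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def decide(packet: bytes):
    """Return (verdict, reason) for one inbound ICMP message."""
    if len(packet) < 8:
        return ("drop", "truncated")
    if inet_checksum(packet) != 0:  # a valid message sums to zero
        return ("drop", "bad checksum")
    icmp_type = packet[0]
    name = ICMP_TYPES.get(icmp_type, "unknown type %d" % icmp_type)
    return ("allow" if icmp_type in ALLOW_INBOUND else "drop", name)

if __name__ == "__main__":
    # Constructed samples: ping, fragmentation-needed error, redirect.
    for pkt in (build_icmp(8, 0, payload=b"ping"), build_icmp(3, 4),
                build_icmp(5, 1)):
        print(decide(pkt))
```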
Current thread:
- ICMP and BlackICE (fwd) anon6774 (Sep 06)
- Re: ICMP and BlackICE (fwd) James Robbins (Sep 07)
- Re: ICMP and BlackICE (fwd) Brian M Brotschi (Sep 08)
- Re: ICMP and BlackICE (fwd) Jim Wildman (Sep 08)
- Message not available
- Re: ICMP and BlackICE (fwd) James Robbins (Sep 12)
- Re: ICMP and BlackICE (fwd) James Robbins (Sep 07)