Re: PIX firewall and ICMP

[rogue <rogue () nocdemon net>]

my company's policy on ICMP is to open it explicitly to known Corp subnets
and block all else. even on a large network, that shouldnt be too hard.

On Fri, 26 Sep 2003, gregh wrote:

> > ----- Original Message -----
> > From: "Cat Thrasher" <isd607 () co santa-cruz ca us>
> > To: "Security-Basics (E-mail)" <security-basics () securityfocus com>
> > Sent: Thursday, September 25, 2003 3:21 AM
> > Subject: PIX firewall and ICMP
>
>
> > Please advise your opinions on my problem. I had a permit statement on the
> PIX that would allow ICMP from any to any. Since being > hit with Nachi, I
> turned it off. I am being asked my policy on when it will be turned back on.
> I have a rather large network and
> > many "divisions" who work independently, yet access the internet thru "my"
> PIX. They like to use ping when trouble-shooting.
> > Can I get an opinion on whether or not I should turn this back on...
> > Thanks
>
> Depends on the policies of the management of the company you work for. I
> dont know any that graciously allow pix transferred through any longer but I
> do know SOME where those pix are part of the critical work of the company. I
> would be asking management and users what their needs are!
>
> Greg.
>
>
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

-- 
==================
rogue () nocdemon net
             {\o0|
==================


---------------------------------------------------------------------------
----------------------------------------------------------------------------