Security Basics mailing list archives
Re: PIX firewall and ICMP
From: rogue <rogue () nocdemon net>
Date: Sun, 28 Sep 2003 07:25:04 -0400 (EDT)
my company's policy on ICMP is to open it explicitly to known Corp subnets and block all else. even on a large network, that shouldnt be too hard. On Fri, 26 Sep 2003, gregh wrote:
----- Original Message ----- From: "Cat Thrasher" <isd607 () co santa-cruz ca us> To: "Security-Basics (E-mail)" <security-basics () securityfocus com> Sent: Thursday, September 25, 2003 3:21 AM Subject: PIX firewall and ICMPPlease advise your opinions on my problem. I had a permit statement on thePIX that would allow ICMP from any to any. Since being > hit with Nachi, I turned it off. I am being asked my policy on when it will be turned back on. I have a rather large network andmany "divisions" who work independently, yet access the internet thru "my"PIX. They like to use ping when trouble-shooting.Can I get an opinion on whether or not I should turn this back on... ThanksDepends on the policies of the management of the company you work for. I dont know any that graciously allow pix transferred through any longer but I do know SOME where those pix are part of the critical work of the company. I would be asking management and users what their needs are! Greg. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- ================== rogue () nocdemon net {\o0| ================== --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- PIX firewall and ICMP Cat Thrasher (Sep 24)
- Re: PIX firewall and ICMP Daniel Williams (Sep 24)
- Re: PIX firewall and ICMP gregh (Sep 26)
- Re: PIX firewall and ICMP rogue (Sep 29)
- Re: PIX firewall and ICMP John Hollyoak (Sep 29)
- <Possible follow-ups>
- RE: PIX firewall and ICMP Tenorio, Leandro (Sep 24)
- RE: PIX firewall and ICMP Charlie Winckless (Sep 24)
- Re: PIX firewall and ICMP Darrell Porter (Sep 25)
- RE: PIX firewall and ICMP Maher Odeh (Sep 25)
- RE: PIX firewall and ICMP Steve Marin (Sep 26)
- Re: PIX firewall and ICMP Brian Ford (Sep 26)
- RE: PIX firewall and ICMP dave hartnell (Sep 29)
- RE: PIX firewall and ICMP rogue (Sep 29)
- RE: PIX firewall and ICMP Cat Thrasher (Sep 29)