Security Basics mailing list archives

Re: Fw rule set question


From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 01 Aug 2007 14:49:10 -0300

Ivan . wrote:
There are useful ICMP types, depends on your network

http://www.samag.com/documents/s=9365/sam0004i/0004i.htm
http://www.cymru.com/Documents/icmp-messages.html

cheers
Ivan

On 7/31/07, Juan B <juanbabi () yahoo com> wrote:
hi,

I am evaluating a Fw rule set.

I see that source quench, ICMP unreachable and time
exceeded (all ICMP) are allowed from the internet to
the internal network. This is a Cisco PIX. Is it a
requirement that those rules are open? What
happens if I disable them? Is there a security risk
here? I don't remember seeing those rules opened in
any FW I saw..

thanks a lot !

Juan


I see the point in allowing network troubleshooting traffic (ICMP,
traceroute) from the upstream ISP, but not in allowing it from everywhere.
ANY answer received from a system will allow enumeration, at least if
the answer comes from the system itself and is not generated by a
firewall in the middle.

Regards,

Miguel
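As an added example (not part of the thread, and not Cisco's or any poster's code), here is a small audit script that applies Miguel's point to a rule set: it scans PIX-style `access-list` lines, flags inbound ICMP permits whose source is `any`, and shows how the same rule looks when scoped to the upstream ISP's prefix instead. The sample rules are constructed; the ISP prefix 203.0.113.0/24 is a documentation range used only as a placeholder, and the ACL grammar assumed is the PIX 6.x form `access-list NAME permit|deny icmp SRC SRCMASK DST DSTMASK [ICMP-TYPE]`.

```python
import re
from dataclasses import dataclass

# Constructed sample of PIX-style ACL lines. The first three are the
# permissive rules Juan describes (ICMP from anywhere on the internet);
# the fourth is the same idea scoped to an assumed ISP prefix.
SAMPLE_RULES = """
access-list outside_in permit icmp any any source-quench
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit icmp 203.0.113.0 255.255.255.0 any time-exceeded
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list outside_in deny icmp any any
"""

# Matches the assumed PIX 6.x ICMP access-list grammar; SRC/DST may be
# "any", "host A.B.C.D" or "NETWORK MASK"; the ICMP type is optional.
ICMP_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+(?P<action>permit|deny)\s+icmp\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+(?P<dst>any|host\s+\S+|\S+\s+\S+)"
    r"(?:\s+(?P<type>\S+))?\s*$"
)


@dataclass
class Finding:
    line: str
    icmp_type: str   # ICMP type keyword, or "any" when the rule names none
    src: str         # the offending source specification


def audit_icmp_rules(config: str) -> list:
    """Return every ICMP permit whose source is 'any' (world-reachable)."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = ICMP_RE.match(line)
        if not m or m["action"] != "permit":
            continue
        if m["src"] == "any":
            findings.append(Finding(line, m["type"] or "any", m["src"]))
    return findings


def restrict_source(line: str, net: str, mask: str) -> str:
    """Rewrite an 'any'-source ICMP permit so only net/mask (e.g. the
    upstream ISP) may send that ICMP type; other lines are returned as-is."""
    m = ICMP_RE.match(line.strip())
    if not m or m["src"] != "any":
        return line
    return line.replace(" icmp any ", f" icmp {net} {mask} ", 1)


if __name__ == "__main__":
    for f in audit_icmp_rules(SAMPLE_RULES):
        print(f"world-reachable ICMP {f.icmp_type}: {f.line}")
        print("  suggested:", restrict_source(f.line, "203.0.113.0", "255.255.255.0"))
```

The audit only looks at who may send the ICMP message, which is the distinction Miguel draws: unreachable and time-exceeded from the ISP's own routers are what traceroute and path diagnostics need, while the same types accepted from any address give every sender a reply-based probe. Source quench is a separate matter; it has been formally deprecated (RFC 6633) and modern stacks ignore it, so there is no troubleshooting case for permitting it at all.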

