Security Basics mailing list archives
Re: Removing ping/icmp from a network
From: "Mark Owen" <mr.markowen () gmail com>
Date: Tue, 25 Mar 2008 16:04:35 -0400
On Tue, Mar 25, 2008 at 3:39 PM, Fabio Fagundes <fabio.fagundes () gmail com> wrote:
Hi all, Please consider the risk of an intruder using ICMP as a Covert Channel (http://en.wikipedia.org/wiki/Covert_channel). Should one configure corporate routers to inspect and to rewrite ICMP packets to avoid / reduce this risk ? Regards, Fabio.
ICMP packets are fairly small and transparent and by adding any additional information to them would make them malformed and obvious. Given that ICMP traffic can easily stand out from other traffic, an intruder would probably be more likely to utilize TCP and a common service, such as SSL. For the security of my network, I would be more inclined to monitor for excess or malformed ICMP traffic instead of blocking it. -- Mark Owen
Current thread:
- Removing ping/icmp from a network Secure This (Mar 25)
- RE: Removing ping/icmp from a network Hopke, Greg (Mar 25)
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- Message not available
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- Re: Removing ping/icmp from a network Fabio Fagundes (Mar 25)
- RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 26)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 26)
- RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 27)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 27)
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- RE: Removing ping/icmp from a network Hopke, Greg (Mar 25)
- Re: Removing ping/icmp from a network Secure This (Mar 26)
- DoD aproved disk wiping tool JP Vicente (Mar 27)
- RE: DoD aproved disk wiping tool Timmothy Lester (Mar 27)