Security Basics mailing list archives

RE: Removing ping/icmp from a network


From: "Ramsdell, Scott" <Scott.Ramsdell () cellnethunt com>
Date: Wed, 26 Mar 2008 09:58:23 -0400

Even on my trusted LAN, I only allow echo request/echo reply.


Kind Regards,

Scott Ramsdell


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mark Owen
Sent: Tuesday, March 25, 2008 1:13 PM
To: Hopke, Greg
Cc: Secure This; security-basics () securityfocus com
Subject: Re: Removing ping/icmp from a network

On Tue, Mar 25, 2008 at 12:56 PM, Hopke, Greg <GHopke () libertymgt com>
wrote:
> Is ICMP on a LAN insecure?
>
> I could see lowing it through a firewall or from trusted to
> non-trusted.
>
> Greg


Within a trusted LAN, it is completely secure.  As ICMP is handled
directly by the operating system, there have been a few exploits
discovered that can crash a box with a malicious ICMP packet.
However, discovered flaws are not only very old, but have been fixed
on just about every OS.  ICMP is a twenty-year-old protocol and is
very reliable and helpful.  I wouldn't allow untrust to trust ICMP
outside the firewall, but trust to trust and trust to untrust would be
just fine in most cases.


-- 
Mark Owen
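
The ICMP policy discussed in this thread (only echo request/echo reply allowed, and no ICMP initiated from the untrusted side towards the trusted side), written as an nftables ruleset. This is an added example and not part of the original messages; the interface name `lan0` (trusted LAN), the table name, and the restriction to IPv4 are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. IPv4 only.
# Assumption: lan0 is the trusted LAN interface; every other
# interface is treated as untrusted.

table ip icmp_policy {
    chain input {
        type filter hook input priority 0; policy accept;

        # This table only decides ICMP; other traffic is left to
        # whatever other rules are loaded.
        ip protocol != icmp accept

        # Echo replies to pings this host sent, plus ICMP errors that
        # conntrack ties to an existing flow (destination unreachable,
        # fragmentation needed, time exceeded).
        ct state established,related accept

        # Trusted hosts may ping the firewall itself.
        iifname "lan0" icmp type echo-request accept

        # Everything else ICMP, including echo requests arriving on
        # an untrusted interface, is counted and dropped.
        counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        ip protocol != icmp accept

        # Return traffic for pings that were allowed out.
        ct state established,related accept

        # trust -> trust (routed) and trust -> untrust: echo request only.
        iifname "lan0" icmp type echo-request accept

        # untrust -> trust: no new ICMP of any type.
        counter drop
    }
}
```

The echo reply is never matched by type: it passes because connection tracking marks it as the answer to an echo request that was permitted.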

