Security Basics mailing list archives
RE: Removing ping/icmp from a network
From: "Ramsdell, Scott" <Scott.Ramsdell () cellnethunt com>
Date: Wed, 26 Mar 2008 09:58:23 -0400
Even on my trusted LAN, I only allow echo request/echo reply. Kind Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mark Owen Sent: Tuesday, March 25, 2008 1:13 PM To: Hopke, Greg Cc: Secure This; security-basics () securityfocus com Subject: Re: Removing ping/icmp from a network On Tue, Mar 25, 2008 at 12:56 PM, Hopke, Greg <GHopke () libertymgt com> wrote:
Is ICMP on a LAN insecure? I could see lowing it through a firewall or from trusted to
non-trusted.
Greg
Within a trusted LAN, it is completely secure. As ICMP is handled directly by the operating system, there have been a few exploits discovered that can crash a box with a malicious ICMP packet. However, discovered flaws are not only very old, but have been fixed on just about every OS. ICMP is a twenty year old protocol and is very reliable and helpful. I wouldn't allow untrust to trust ICMP outside the firewall, but trust to trust and trust to untrust would be just fine in most cases. -- Mark Owen
Current thread:
- Removing ping/icmp from a network Secure This (Mar 25)
- RE: Removing ping/icmp from a network Hopke, Greg (Mar 25)
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- Message not available
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- Re: Removing ping/icmp from a network Fabio Fagundes (Mar 25)
- RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 26)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 26)
- RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 27)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 27)
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- RE: Removing ping/icmp from a network Hopke, Greg (Mar 25)
- Re: Removing ping/icmp from a network Secure This (Mar 26)
- DoD aproved disk wiping tool JP Vicente (Mar 27)
- RE: DoD aproved disk wiping tool Timmothy Lester (Mar 27)
- Re: DoD aproved disk wiping tool John Syers (Mar 27)
- Re: DoD aproved disk wiping tool postmaster (Mar 27)