Firewall Wizards mailing list archives
Re: ICMP Packets.
From: tqbf () pobox com
Date: Thu, 4 Jun 1998 03:13:28 -0500 (CDT)
If you are filtering datagrams that claim to come from your network that originate externally, redirects are not an issue. They also can be individually filtered.
This assumes that devices on your network will not misbehave when they receive a redirect message from an arbitrary host. Given that there is no legitimate reason for a redirect message to pass through a packet filter, and that the purpose of a packet filter is to limit network exposure to vulnerable hosts, it seems like a poor idea to pass redirects. ----------------------------------------------------------------------------- Thomas H. Ptacek The Company Formerly Known As Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Re: ICMP Packets., (continued)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. matthew green (Jun 04)
- Re: ICMP Packets. Bennett Todd (Jun 04)
- Re: ICMP Packets. Darren Reed (Jun 05)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Darren Reed (Jun 07)
- Re: ICMP Packets. blast (Jun 08)
- Re: ICMP Packets. Aleph One (Jun 09)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Ge' Weijers (Jun 05)
- Re: ICMP Packets. Bennett Todd (Jun 05)
- Re: ICMP Packets. tqbf (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets.uy tqbf (Jun 07)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 07)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Aleph One (Jun 12)