Firewall Wizards mailing list archives

Re: ICMP Packets.


From: tqbf () pobox com
Date: Thu, 4 Jun 1998 03:13:28 -0500 (CDT)

If you are filtering datagrams that claim to come from your network 
that originate externally, redirects are not an issue. They also can
be individually filtered.

This assumes that devices on your network will not misbehave when they
receive a redirect message from an arbitrary host. Given that there is no
legitimate reason for a redirect message to pass through a packet filter,
and that the purpose of a packet filter is to limit network exposure to
vulnerable hosts, it seems like a poor idea to pass redirects.

-----------------------------------------------------------------------------
Thomas H. Ptacek          The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"
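
An added illustration, not part of the original message: a minimal inbound border-filter decision in Python that applies both rules discussed above, showing that a redirect sent from an arbitrary external address passes the anti-spoofing rule and is stopped only by the explicit redirect rule. The internal prefix, the function names and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

# Assumed internal prefix for this example (documentation address range).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
ICMP_PROTO = 1
ICMP_REDIRECT = 5  # ICMP type 5 = Redirect (RFC 792)


def build_ipv4_icmp(src, dst, icmp_type, icmp_code=0):
    """Build a minimal IPv4+ICMP packet (constructed sample, checksums left zero)."""
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     ICMP_PROTO, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + icmp


def inbound_verdict(packet, drop_redirects=True):
    """Verdict for a packet arriving on the external interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop:malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop:malformed"
    src = ipaddress.ip_address(packet[12:16])
    # Rule 1: anti-spoofing. An internal source address seen on the outside.
    if src in INTERNAL_NET:
        return "drop:spoofed-source"
    # Rule 2: no ICMP redirect crosses the filter, whatever its source.
    if packet[9] == ICMP_PROTO:
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset == 0:  # only a first fragment carries the ICMP header
            if len(packet) < ihl + 1:
                return "drop:malformed"
            if drop_redirects and packet[ihl] == ICMP_REDIRECT:
                return "drop:icmp-redirect"
    return "pass"


# Constructed samples: a redirect claiming an internal source, a redirect
# from an arbitrary external host, and an ordinary echo reply.
SPOOFED_REDIRECT = build_ipv4_icmp("192.0.2.1", "192.0.2.10", ICMP_REDIRECT, 1)
EXTERNAL_REDIRECT = build_ipv4_icmp("203.0.113.7", "192.0.2.10", ICMP_REDIRECT, 1)
ECHO_REPLY = build_ipv4_icmp("203.0.113.7", "192.0.2.10", 0)

if __name__ == "__main__":
    for name in ("SPOOFED_REDIRECT", "EXTERNAL_REDIRECT", "ECHO_REPLY"):
        pkt = globals()[name]
        print(name, inbound_verdict(pkt, drop_redirects=False), inbound_verdict(pkt))
```

With `drop_redirects=False` the filter relies on anti-spoofing alone, and the externally sourced redirect reaches the internal host.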


