Firewall Wizards mailing list archives
Re: Odp: icmp scans
From: "Bob Acosta" <acostar () allied-chas com>
Date: Thu, 12 Nov 1998 12:38:14 -0500
True ip could be construed as unreliable (more like unsecure), and yes applications level programming could help make it safer (how many programmers are concerned about security - more interested in functionality and getting it on the shelf). Out of curiosity, why has there been no pseudo application proxy for icmp. One that checks the data portion of the packets for non-standard strings. It was my impression that the data portion of the packet was used primarily for feeding back routing info, timestamps/delays and such. Has anybody from TIS looked into this, or is the issue too complex. My stance is to refuse all icmp, however many sites refuse to turn it off. They indicate it is either needed for troubleshooting reasons (ok - but then turn it off), or for monitoring purposes (are my remote systems still up?), and for some unknown reason even some applications require a pre-icmp before permitting a connection (would like to know why). Also, I am concerned with the way icmp has a direct line from layer 3 to the kernel of some, maybe most systems (if I am correct).
Current thread:
- Odp: icmp scans Pawel Maciejewski (Nov 11)
- Re: Odp: icmp scans Gigi Sullivan (Nov 11)
- <Possible follow-ups>
- Re: Odp: icmp scans Chris Kostick (Nov 11)
- Re: Odp: icmp scans Salvatore Sanfilippo (Nov 12)
- Re: Odp: icmp scans Gigi Sullivan (Nov 12)
- Re: Odp: icmp scans Bob Acosta (Nov 12)
- Re: Odp: icmp scans Gigi Sullivan (Nov 13)