Firewall Wizards mailing list archives
Re: how to block ICMP tunneling?
From: Sebastian Krahmer <krahmer () rz uni-potsdam de>
Date: Mon, 19 Jul 1999 13:42:29 +0200 (MET DST)
Hi,
In some email I received from Razvan Peteanu, sie wrote:
> BO2K has the ability to use ICMP tunneling for its traffic so I'm interested in what types of ICMP messages should be blocked to prevent this traffic.
You could install some kind of IDS on your system and tell 'em that a lot more ICMP_ECHO_REPLY than ICMP_ECHO_REQUEST is bad. A similar tool called IMON is available on www.kalug.lug.net/stealth where you can detect LOKI sessions. Also an active scan is possible: An ICMP_ECHO_REQUEST should cause an answer by 1. the kernel and 2nd the backdoor.

Sebastian
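The reply-versus-request heuristic from the message above, sketched as an added example that is not part of the original post and is not code from IMON or any IDS. The function names, the `threshold` parameter and the sample packets (documentation addresses) are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def build_packet(src, dst, icmp_type, ident, seq, payload=b""):
    """Build a minimal IPv4+ICMP packet for the sample data (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

def parse_icmp(packet):
    """Return (src, dst, icmp_type) for an IPv4 ICMP packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                           # bad header, not ICMP, or truncated
    return (socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]), packet[ihl])

def reply_surplus(packets, threshold=1):
    """Map (requester, responder) -> (requests, replies) for every pair whose
    echo replies exceed its echo requests by at least `threshold`."""
    counts = defaultdict(lambda: [0, 0])
    for pkt in packets:
        parsed = parse_icmp(pkt)
        if parsed is None:
            continue
        src, dst, icmp_type = parsed
        if icmp_type == ECHO_REQUEST:
            counts[(src, dst)][0] += 1
        elif icmp_type == ECHO_REPLY:
            counts[(dst, src)][1] += 1        # a reply travels responder -> requester
    return {pair: tuple(c) for pair, c in counts.items() if c[1] - c[0] >= threshold}

# Constructed sample capture: one normal ping exchange, then one request
# answered by five replies carrying payload.
SAMPLE = [
    build_packet("192.0.2.10", "192.0.2.20", ECHO_REQUEST, 1, 1),
    build_packet("192.0.2.20", "192.0.2.10", ECHO_REPLY, 1, 1),
    build_packet("192.0.2.10", "198.51.100.7", ECHO_REQUEST, 2, 1),
] + [build_packet("198.51.100.7", "192.0.2.10", ECHO_REPLY, 2, s, b"data")
     for s in range(1, 6)]

if __name__ == "__main__":
    print(reply_surplus(SAMPLE))
```

With the default `threshold=1`, the same count also catches the active-scan case from the message, where a single echo request draws two replies from one host.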