Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how to block ICMP tunneling?

From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 19 Jul 1999 19:03:39 -0400 (EDT)
I was under the impression that ICMP should be blocked coming from the
outside.  I can't think of any reason you would want some one from the
outside PINGing, TRACRTing or otherwise Probing your internal network for
active hosts.  IMHO you should simply block the entire proctocol from the
outside.


ISTM that there were a few ICMP types you really wanted, particularly
MTU discovery.  I would have to look up any others.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
Previous By Date Next
Previous By Thread Next

Current thread: