Firewall Wizards mailing list archives
Re: how to block ICMP tunneling?
From: Chris Brenton <cbrenton () sover net>
Date: Mon, 19 Jul 1999 21:00:22 -0400
Kyle Starkey wrote:
I was under the impression that ICMP should be blocked coming from the outside. I can't think of any reason you would want someone from the outside PINGing, TRACRTing or otherwise Probing your internal network for active hosts. IMHO you should simply block the entire protocol from the outside.
Humm. This may be a bit drastic. For example, source quench (type 4) is pretty useful and can keep you from dropping packets. Without it, you may see a lot of hung connections.

Destination unreachable (type 3) is used for error reporting if you attempt to contact an unreachable host. In fact, UDP also uses it to report active systems which are not offering services on the port specified. Again, loss of type 3 can result in hung connections.

Blocking Time Exceeded (type 11) will prevent you from being able to trace out from your network. Then again this could be a feature. ;)

Also, blocking MTU discovery (type 3, code 4) can cause a complete breakdown in communications, especially if your environment uses a token-based topology.

These are just a few off the top of my head. There are probably others but you get the idea. Not all ICMP is "bad"(TM).

Of course the bottom line is "what does your security policy say about ICMP?". ;)

Cheers,
Chris
--
**************************************
cbrenton () sover net
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
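
As an added example (not part of the original post or the list archive), the sketch below turns the reply's reasoning into a stateless inbound filter: it parses a raw IPv4 packet, verifies the ICMP checksum, and accepts only types 3, 4 and 11 while dropping the rest, such as echo requests. The function names, the accept/drop policy and the sample packets are assumptions constructed for illustration.

```python
import struct

# Inbound ICMP types the post argues for keeping (policy assumed by this example).
ALLOWED_INBOUND = {
    3: "destination unreachable (includes code 4, needed for MTU discovery)",
    4: "source quench (named in the post; later deprecated by RFC 6633)",
    11: "time exceeded (needed to trace out)",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_packet(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Construct a sample IPv4+ICMP packet (constructed data, documentation addresses)."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + icmp

def inbound_verdict(packet: bytes):
    """Return (verdict, reason) for a raw IPv4 packet arriving from outside."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not a well-formed IPv4 packet"
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20:
        return "drop", "invalid IP header length"
    if packet[9] != 1:                    # protocol 1 = ICMP
        return "pass", "not ICMP; other rules decide"
    icmp = packet[ihl:]
    if len(icmp) < 8:
        return "drop", "truncated ICMP header"
    if inet_checksum(icmp) != 0:          # valid message sums to zero
        return "drop", "bad ICMP checksum"
    icmp_type = icmp[0]
    if icmp_type in ALLOWED_INBOUND:
        return "accept", ALLOWED_INBOUND[icmp_type]
    return "drop", "ICMP type %d not needed inbound" % icmp_type

if __name__ == "__main__":
    for t, c in [(3, 4), (4, 0), (11, 0), (8, 0), (13, 0)]:
        print(t, c, inbound_verdict(build_icmp_packet(t, c, b"sample")))
```

This filter is stateless; a stateful firewall would additionally match the header embedded in each ICMP error against a connection it is tracking.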