Firewall Wizards mailing list archives
Re: how to block ICMP tunneling? Deja vu? sorry...my last post had an error
From: "Don Kendrick" <don () netspys com>
Date: Thu, 22 Jul 1999 07:18:07 -0400
Sorry.... below I said that I was "blocking unreachables, ttl-exceeded and echo-reply inbound..." I meant to say I was blocking all icmp except those listed... Sorry for the confusion....

Don

-----Original Message-----
From: Don Kendrick <don () netspys com>
To: firewall <firewall-wizards () nfr net>
Date: Thursday, July 22, 1999 4:24 AM
Subject: Re: how to block ICMP tunneling? Deja vu?

Didn't we just have this discussion last year :)

I've been blocking unreachables, ttl-exceeded and echo-reply inbound at the border router and blocking everything else from passing thru the firewall for many years. All is allowed out from the external side of the house only... path MTU has never caused any problems that I'm aware of in our net. Aren't other routers between my net and the "rest of the world" responding to path MTU? Wouldn't it only be a factor if my path was smaller than any other between point A and B?

btw... someone else suggested that it mattered if you have a token based network inside... I've got that as well.

Don

If you do, you break Path MTU, which can disrupt communications to many sites.