FW-:1 ICMP despite ANY EXTERNAL DROP

["Cannella, Michael (ISS Southfield)" <mcannell () iss net>]

> From: James Wilson [mailto:netsurf () sersol com]
> Sent: Tuesday, January 18, 2000 10:16 AM
> We have a FW-1 box set up at the perimeter with a rule that blocks any
> any from outside, but when I run a scan using WinSockPingProPack it
> appears to see individual addresses behind the firewall.  It does not
> see any information on them such as ports open etc. but it does list
> the IP as there.  Is there a special rule needed to make those
> invisible, or is private addressing the only way to block this (since
> they don't route from outside)?
> James D. Wilson, CCDA, MCP


FW-1 has "accept ICMP" enabled by default in its policy properties--you need
to disable it.  The reference on policy properties from Chris Brenton's
posting yesterday is great:


> See:
> http://www.geek-speak.net/fw1/fw1_properties.html
>
> HTH,
> Chris
> -- 
> **************************************
> cbrenton () sover net



-----michael cannella  mailto:mcannella () iss net
-----Internet Security Systems, eServices
-----http://www.iss.net/