Firewall Wizards mailing list archives

RE: ICMP / Ping


From: "Ofir Arkin" <ofir () itcon-ltd com>
Date: Thu, 31 Aug 2000 12:58:19 +0200

Opening ICMP Echo replies from the Internet to your entire network is not a
wise thing to do.
I would advise opening it on an as-needed basis only.

Some of the risks are outlined in my paper "ICMP Usage in Scanning".
www.sys-security.com.

Other risks might be DoS, Covert Channels using ICMP ECHO Replies and more.


Ofir Arkin  [ofir () itcon-ltd com]
Senior Security Analyst
ITcon, Israel.
http://www.itcon-ltd.com

Personal Web page: http://www.sys-security.com

"Opinions expressed do not necessarily
represent the views of my employer."


-----Original Message-----
From: firewall-wizards-admin () nfr net
[mailto:firewall-wizards-admin () nfr net]On Behalf Of Chris
Sent: Tuesday, August 29, 2000 7:54 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] ICMP / Ping


On a Cisco Pix - how can I configure it that only the
inside network clients can ping to the outside but no
one on the outside can ping my network?

The standard command for both ways is the
conduit permit icmp any any

I am not sure how to do it the way I need it? Is this
recommended at all?

Thanks everyone!

Chris


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
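
The "open it on a needed basis only" advice above, as an added example that is not part of the original messages: a Python sketch of the stateful check that admits an inbound ICMP Echo Reply only when it answers an outstanding Echo Request from an inside host, and flags every other reply as unsolicited. The packet records, addresses and the 5-second timeout are constructed assumptions.

```python
from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers (RFC 792)
TIMEOUT = 5.0                     # assumed lifetime of a pending request, in seconds

@dataclass(frozen=True)
class Icmp:
    ts: float        # capture time, seconds
    src: str
    dst: str
    icmp_type: int
    ident: int       # ICMP identifier
    seq: int         # ICMP sequence number
    inbound: bool    # True if it arrived on the outside interface

def classify(packets, timeout=TIMEOUT):
    """Return (allowed, unsolicited) lists of inbound echo replies."""
    pending = {}     # (inside, outside, ident, seq) -> time the request left
    allowed, unsolicited = [], []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.icmp_type == ECHO_REQUEST and not p.inbound:
            pending[(p.src, p.dst, p.ident, p.seq)] = p.ts
        elif p.icmp_type == ECHO_REPLY and p.inbound:
            # A reply is valid once: pop the state so duplicates are flagged.
            sent = pending.pop((p.dst, p.src, p.ident, p.seq), None)
            if sent is not None and p.ts - sent <= timeout:
                allowed.append(p)
            else:
                unsolicited.append(p)
    return allowed, unsolicited

# Constructed sample traffic (private and documentation address ranges).
SAMPLE = [
    Icmp(0.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 0x1A2B, 1, False),
    Icmp(0.03, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 0x1A2B, 1, True),    # matches
    Icmp(0.50, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 0x1A2B, 1, True),    # duplicate
    Icmp(1.00, "198.51.100.7", "10.0.0.9", ECHO_REPLY, 0x0001, 7, True),  # never requested
    Icmp(2.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 0x1A2B, 2, False),
    Icmp(9.00, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 0x1A2B, 2, True),    # past timeout
]

if __name__ == "__main__":
    ok, bad = classify(SAMPLE)
    for p in bad:
        print(f"unsolicited echo reply {p.src} -> {p.dst} id={p.ident:#x} seq={p.seq}")
```
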



