Firewall Wizards mailing list archives

RE: ICMP destination unreachable messages


From: "Max Enders" <Max.Enders () watchguard com>
Date: Wed, 16 Apr 2003 15:16:26 -0700

Steven,

They're simply replayed, so they have not been modified in any way.

Regards,
Max

-----Original Message-----
From: Steven M. Bellovin [mailto:smb () research att com]
Sent: Wednesday, April 16, 2003 2:15 PM
To: Max Enders
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] ICMP destination unreachable messages 


In message <c643615a7427fb3b0dfc9eef1ff89c5f3e9c52d1 () watchguard com>, "Max Enders" writes:
Hello,

I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.

How duplicate are they?  Remember that you have to let in the 
"fragmentation needed" messages, or you'll end up with black holes.

              --Steve Bellovin, http://www.research.att.com/~smb (me)
              http://www.wilyhacker.com (2nd edition of "Firewalls" book)



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
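The two options raised in the thread (rate limiting, and inspecting the IP ID of the quoted datagram) together with Bellovin's caveat (never drop "fragmentation needed") can be shown as a small filter. The following is an added example, not code from the thread or from any firewall product; the replay key, window sizes, addresses and packets are constructed here for illustration. It builds ICMP type 3 messages with a correct ICMP checksum, keys replay detection on the quoted original datagram (IP ID, addresses, protocol, first 8 payload bytes, reporting router and code), rate-limits accepted messages per window, and lets code 4 through unconditionally.

```python
import struct
from collections import deque

ICMP_DEST_UNREACH = 3   # ICMP type 3
CODE_PORT_UNREACH = 3   # type 3 code 3
CODE_FRAG_NEEDED = 4    # type 3 code 4: fragmentation needed and DF set (PMTUD)


def inet_checksum(data):
    """RFC 1071 one's-complement checksum; returns 0 for a message whose field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, ident, payload_len, flags_frag=0):
    """Minimal 20-byte IPv4 header (no options) with header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt):
    """Return ({id, proto, src, dst}, payload) for a raw IPv4 packet; raises ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header")
    return {"id": ident, "proto": proto, "src": src, "dst": dst}, pkt[ihl:]


def build_unreach(router, code, orig_src, orig_dst, orig_id, orig_proto, orig_first8, mtu=0):
    """Constructed ICMP destination-unreachable from `router` to `orig_src`, quoting the
    original datagram's IP header (DF set) plus its first 8 payload bytes, as RFC 792 requires."""
    inner = ipv4_header(orig_src, orig_dst, orig_proto, orig_id, len(orig_first8), 0x4000) + orig_first8
    icmp = struct.pack("!BBHHH", ICMP_DEST_UNREACH, code, 0, 0, mtu) + inner  # mtu field used by code 4
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(router, orig_src, 1, 0x1234, len(icmp)) + icmp


class UnreachFilter:
    """Replay and rate filter for inbound ICMP destination-unreachable messages.

    A replayed message reproduces the quoted datagram byte for byte, so the IP ID
    of the quoted header (together with its addresses, protocol and first 8 payload
    bytes) distinguishes a replay from a new error about a different datagram.
    Code 4 bypasses both checks: dropping it black-holes the flow (the thread's caveat).
    Window and limit values are arbitrary choices for this example.
    """

    def __init__(self, window=2.0, max_per_window=10):
        self.window = window
        self.max_per_window = max_per_window
        self.seen = {}            # replay key -> time first accepted
        self.accepted = deque()   # timestamps of accepted messages, for the rate limit

    def _expire(self, now):
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        while self.accepted and now - self.accepted[0] > self.window:
            self.accepted.popleft()

    def decide(self, pkt, now):
        try:
            outer, icmp = parse_ipv4(pkt)
            if outer["proto"] != 1 or len(icmp) < 8:
                return "pass"                      # not ICMP: outside this filter's scope
            if inet_checksum(icmp) != 0:
                return "drop-bad-checksum"
            icmp_type, code, _csum, _unused, _mtu = struct.unpack("!BBHHH", icmp[:8])
            if icmp_type != ICMP_DEST_UNREACH:
                return "pass"
            inner, inner_payload = parse_ipv4(icmp[8:])   # the quoted original datagram
        except ValueError:
            return "drop-malformed"
        if code == CODE_FRAG_NEEDED:
            return "pass-frag-needed"              # never dedup'd or rate-limited
        self._expire(now)
        key = (outer["src"], code, inner["src"], inner["dst"], inner["proto"], inner["id"], inner_payload[:8])
        if key in self.seen:
            return "drop-duplicate"
        if len(self.accepted) >= self.max_per_window:
            return "drop-rate-limited"
        self.seen[key] = now
        self.accepted.append(now)
        return "pass"


def run_demo():
    """Constructed traffic: one error, its replays, a corrupted copy, a PMTUD message, a flood."""
    f = UnreachFilter(window=2.0, max_per_window=5)
    router, host, target = bytes([198, 51, 100, 1]), bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
    udp8 = struct.pack("!HHHH", 40000, 53, 40, 0)   # quoted UDP header: sport, dport, len, csum
    r = {}
    first = build_unreach(router, CODE_PORT_UNREACH, host, target, 0x1111, 17, udp8)
    r["first"] = f.decide(first, 0.0)
    r["replay"] = f.decide(first, 0.1)
    r["replay_again"] = f.decide(first, 0.5)
    corrupt = bytearray(first); corrupt[22] ^= 0xFF    # damage the ICMP checksum byte
    r["corrupt"] = f.decide(bytes(corrupt), 0.2)
    r["new_id"] = f.decide(build_unreach(router, CODE_PORT_UNREACH, host, target, 0x1112, 17, udp8), 0.6)
    frag = build_unreach(router, CODE_FRAG_NEEDED, host, target, 0x1113, 6, struct.pack("!HHI", 50000, 443, 1), mtu=1400)
    r["frag"] = f.decide(frag, 0.7)
    r["frag_replay"] = f.decide(frag, 0.8)
    r["flood"] = [f.decide(build_unreach(router, CODE_PORT_UNREACH, host, target, 0x2000 + i, 17, udp8), 1.0)
                  for i in range(6)]
    r["after_window"] = f.decide(first, 5.0)          # window expired: same bytes accepted again
    return r


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

Note that in this design an exact replay is accepted again once the window has expired, and a genuine error quoting a fresh datagram (new IP ID) passes even when it arrives between replays; whether code 4 messages should also get their own rate limit is a policy choice the thread leaves open.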