Full Disclosure mailing list archives
Re: ICMP Security Vulnerabilities - NEW (cough)
From: "Eric Paynter" <eric () arcticbears com>
Date: Tue, 12 Jul 2005 15:08:34 -0700 (PDT)
On Tue, July 12, 2005 2:42 pm, Vic Vandal said:
> 3)
> [...]
> I will acknowledge that the first "widely published" discussion on the exact topic of ICMP filtering was "probably" in the 1995 release of "Building Internet Firewalls" (by Chapman and Zwicky). I had the book in my desk back then, but left it behind when I left the organization that paid for it. IF I still had it, I'd gladly quote it directly to verify the exact verbiage/discussion of the topic therein.
I just happen to have "Building Internet Firewalls" on my desk, 2nd Edition published in 2000, I guess updated since your version. Although there is a whole chapter on ICMP filtering, the basic advice for source quench is to allow it, so this particular source still didn't know about the problems in 2000. The only relevant quotes I could find were in Chapter 22:

"The other ICMP message types you probably want to allow, both inbound and outbound, are 'source quench' (used by a receiver to tell a sender to 'slow down' because it's sending data too fast) and 'parameter problem'..." p 652

"In general, you want to allow ICMP outbound only when it has the chance of doing you some good. Both 'source quench' and 'parameter problem' are used to get the sending host to be nicer to you and are worth allowing outbound." p 653

And in a summary table for ICMP, under "Permit/Deny", next to "Message Type 4", it says "Should usually be allowed in both directions." p 654

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/