Security Incidents mailing list archives

Re: Sudden increase in scans.

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Mon, 24 Jul 2000 15:01:42 -0400

On Mon, 24 Jul 2000, Alexander Schreiber wrote:

But you could stop the kiddies from using ICMP to map out your network
by blocking:
 - incoming ICMP echo-request (ping)
 - outgoing ICMP echo-reply (pong)


you may also want to block ICMP-PORT-UNREACHABLEs to break firewalk. see
the paper at packetfactory.net for the situation.

blocking all ICMP is just plain wrong. it's vital to the proper function
of IP.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

Current thread:

Re: Sudden increase in scans. Jason Lewis (Jul 21)
- Re: Sudden increase in scans. Berend De Schouwer (Jul 24)
- Re: Sudden increase in scans. Alexander Schreiber (Jul 24)
  - Re: Sudden increase in scans. Jose Nazario (Jul 24)
    - Re: Sudden increase in scans. Alexander Schreiber (Jul 25)
- Re: Sudden increase in scans. Joe McAlerney (Jul 24)