Security Incidents mailing list archives

Re: Handling Scans.


From: "Reeves, Mike" <MReeves () SYNCHRONY NET>
Date: Tue, 13 Feb 2001 19:07:20 -0500

It is not turned off on the router... I don't let destination unreachables
out from the router because you can map an entire network using that
information. I don't think that is excessive paranoia.. I thought it was
standard to tell you the truth. You can still traceroute the hosts.. So I
shall rephrase.. I have all the "BAD" ICMP error messages turned off from
the host. Anyone have any good recommendation on what ICMP to allow/disable?

Mike

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Tuesday, February 13, 2001 4:39 PM
To: Reeves, Mike
Cc: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Handling Scans.


On Tue, 13 Feb 2001 15:20:42 EST, "Reeves, Mike" <MReeves () SYNCHRONY NET> said:
> harmless... I have all ICMP error messages turned off... everything is
> behind a firewall.... Usually all they get is available hosts and tcpip

Note that *some* ICMP should be left on.

Thanks for being Yet Another Site that breaks Path MTU Discovery because of
excessive paranoia.  Among OTHER things that get broken by turning off ALL
ICMP.
--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
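The exchange above boils down to "drop the ICMP that maps your network, keep the ICMP that the network needs". As an added example (not code from either poster, and not a rule set taken from the thread), the Python below encodes that as a small policy table, parses ICMPv4 messages to check their type, code and checksum, applies the policy per direction, and renders the same policy as iptables rules. The POLICY table, the host-style INPUT/OUTPUT chain mapping and the sample packets are all assumptions constructed for illustration; the one hard requirement it reflects is that type 3 code 4 (Fragmentation Needed) must pass in both directions or Path MTU Discovery breaks, and that type 11 (Time Exceeded) is what traceroute relies on.

```python
import struct

# Ordered policy: (direction, icmp_type, code, action).  direction None = both
# ways, code None = any code.  First match wins; unmatched ICMP is dropped.
# Constructed example table, not a configuration from the original thread.
POLICY = [
    (None,  3,    4, "ACCEPT"),  # Fragmentation Needed: required for Path MTU Discovery
    (None, 11, None, "ACCEPT"),  # Time Exceeded: traceroute and routing-loop detection
    (None, 12, None, "ACCEPT"),  # Parameter Problem
    (None,  8, None, "ACCEPT"),  # Echo Request (rate-limit this in a real deployment)
    (None,  0, None, "ACCEPT"),  # Echo Reply
    ("out", 3, None, "DROP"),    # other outbound unreachables let a scanner map the net
    ("in",  3, None, "ACCEPT"),  # inbound unreachables let local hosts fail fast
    (None,  5, None, "DROP"),    # Redirect: can rewrite a host's routing table
    (None, 13, None, "DROP"),    # Timestamp request / reply
    (None, 14, None, "DROP"),
    (None, 17, None, "DROP"),    # Address Mask request / reply
    (None, 18, None, "DROP"),
]


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build an ICMPv4 message with a valid checksum (used for constructed samples)."""
    header = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(header)) + rest


def parse_icmp(packet: bytes) -> dict:
    """Decode type, code and checksum validity; for 3/4 also the next-hop MTU."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    info = {"type": icmp_type, "code": code,
            # A message carrying a correct checksum sums to zero under RFC 1071.
            "checksum_ok": icmp_checksum(packet) == 0}
    if icmp_type == 3 and code == 4:
        info["next_hop_mtu"] = struct.unpack("!H", packet[6:8])[0]
    return info


def decide(icmp_type: int, code: int, direction: str) -> str:
    """First matching POLICY entry wins; anything unmatched is dropped."""
    for rule_dir, rule_type, rule_code, action in POLICY:
        if rule_dir not in (None, direction):
            continue
        if rule_type != icmp_type or rule_code not in (None, code):
            continue
        return action
    return "DROP"


def check_packet(packet: bytes, direction: str) -> dict:
    """Parse a message and apply the policy; malformed messages are dropped."""
    info = parse_icmp(packet)
    info["direction"] = direction
    if info["checksum_ok"]:
        info["action"] = decide(info["type"], info["code"], direction)
    else:
        info["action"] = "DROP"
    return info


def iptables_rules() -> list:
    """Render POLICY as iptables commands for a host (INPUT/OUTPUT chains)."""
    chains = {"in": ["INPUT"], "out": ["OUTPUT"], None: ["INPUT", "OUTPUT"]}
    rules = []
    for rule_dir, t, c, action in POLICY:
        match = "%d" % t if c is None else "%d/%d" % (t, c)
        for chain in chains[rule_dir]:
            rules.append("iptables -A %s -p icmp --icmp-type %s -j %s"
                         % (chain, match, action))
    for chain in ("INPUT", "OUTPUT"):          # default: drop the rest
        rules.append("iptables -A %s -p icmp -j DROP" % chain)
    return rules


if __name__ == "__main__":
    # Constructed sample: Fragmentation Needed advertising a 1280-byte next hop.
    frag = make_icmp(3, 4, struct.pack("!HH", 0, 1280) + bytes(28))
    print(check_packet(frag, "in"))
    print("\n".join(iptables_rules()))
```

On a router the same table would be applied to the FORWARD chain with `-i`/`-o` interface matches instead of INPUT/OUTPUT, but the decision logic is identical: the only type 3 message that leaves the network is code 4, which is exactly the one Path MTU Discovery cannot do without.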