Vulnerability Development mailing list archives

Re: ICMP and BlackICE (fwd)


From: Brian M Brotschi <brian.brotschi () IBM NET>
Date: Thu, 7 Sep 2000 20:58:04 -0700


James et al.;
BlackICE Agent ver2.5 will have the capability that you are looking
for.  Expected release is Q4 2000.  BlackICE Agent is part of the
Enterprise ICEpac Suite.
Brian M Brotschi
Network ICE Corporation
Director of Security Engineers
brian.brotschi () networkice com
http://www.networkice.com
PGP FingerPrint: E1E1 8E6D 003C CD6C D068  D88D C633 5AEB 4EA6 8FE2



-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of
James Robbins
Sent: Thursday, September 07, 2000 11:24 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: ICMP and BlackICE (fwd)


At 10:15 AM 9/6/00, anon6774 () HUSHMAIL COM wrote:

I thought I would share something I noticed about BlackICE, the
popular home IDS/firewall product by NetworkICE - it cannot be
configured to block ICMP. This is in contrast to TCP and UDP traffic
that is governed by rules in the firewall.ini file.  I contacted
Network Ice on this and, several emails later - they seemed to have
trouble grasping the thought I would want to deny a ping - I was
told that I really wouldn't want to block any ICMP traffic and that
a future release would allow it.

Note - Configuring it to block a specific IP will block ICMP traffic
as well.

jed,
    We just got bit by this a little while ago.  You cannot block all
ICMP traffic.  Ping is only one type of service sent over ICMP.
A list of the services supported by ICMP is:

Echo Reply (Ping)
Destination Unreachable
Source Quench
Redirect (change a route)
Echo Request (Ping)
Time Exceeded for a Datagram
Parameter Problem on a Datagram
Timestamp Request
Timestamp Reply
Information Request
Information Reply
Address Mask Request
Address Mask Reply

Some of these you can block with no ill effect.  Others will
break a lot of stuff.

--
James A. Robbins
Senior Design Engineer, Network Engineer
The Ohio State University
Chemistry Department


