Home page logo
/

basics logo Security Basics mailing list archives

Re: Fw rule set question
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 01 Aug 2007 14:49:10 -0300

Ivan . escribió:
there  are useful ICMP types, depends on your network

http://www.samag.com/documents/s=9365/sam0004i/0004i.htm
http://www.cymru.com/Documents/icmp-messages.html

cheers
Ivan

On 7/31/07, Juan B <juanbabi () yahoo com> wrote:
  
hi,

I am evaluating a Fw rule set.

I see that source quench,icmp unreacheble and time
execeeded (all icmp) is allowed from the internet to
the internal network. this is a cisco pix. is it a
requirmnet that those rules will be opened? what
happened if I disbale them? is there a security risk
here? I dont rememmber seeing those rules opened in
any fw I saw..

thanks a lot !

Juan

    

I see the point in allowing network troubleshooting traffic (ICMP,
traceroute) from the upstream ISP, but not in allowing it from everywhere.
ANY answer received from a system will allow in enumeration, at least if
the answer comes from the system itself and is not generated by a
firewall in the middle.
Regards,

Miguel


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]