Firewall Wizards: Re: ICMP Packets.

From: Don Kendrick <dkendrick_at_mindspring.com>
Date: Tue, 2 Jun 1998 15:52:18 -0400

Agreed on the Path MTU stuff in theory, though it really depends what kind
of traffic is going between the internal and external nets. For one, I'd
rather deny ICMP and suffer some on performance.

Don

-----Original Message-----
From: Perry E. Metzger <perry_at_piermont.com>
To: Don Kendrick <dkendrick_at_mindspring.com>
Cc: Toddb <toddb_at_pacifier.com>; firewall-wizards_at_nfr.net
<firewall-wizards_at_nfr.net>
Date: Tuesday, June 02, 1998 12:14 PM
Subject: Re: ICMP Packets.

>
>"Don Kendrick" writes:
>> In the standard configuration of you, with a perimeter router, connected
>> point to point with an ISP's router; there's no reason I can think of
>> other than troubleshooting to allow ICMP packets to enter your
>> perimeter.
>
>I think stopping ICMP is, in general, a very bad idea. Among other
>things, you totally screw up Path MTU discovery, and you make it hard
>to trace network problems. The Path MTU breakage is especially bad --
>it will, among other things, impact your network performance.
>
>Perry
Received on Jun 02 1998
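
The Path MTU trade-off argued in this thread, as an added example that is not part of the original messages: a small model of a sender using DF-marked packets behind a perimeter filter that either drops all inbound ICMP or passes only "fragmentation needed" (type 3, code 4, per RFC 1191). The path MTUs and function names are constructed for illustration, and the selective filter goes beyond the two positions stated in the thread.

```python
# Constructed model: link MTUs (bytes) from an inside host to a remote peer.
PATH_MTUS = [1500, 1500, 1400, 1500]   # hypothetical path with one narrower hop

FRAG_NEEDED = (3, 4)    # Destination Unreachable / Fragmentation Needed and DF set
ECHO_REQUEST = (8, 0)   # ping, shown only to contrast with the selective filter


def deny_all_icmp(icmp_type, code):
    """Perimeter policy: drop every inbound ICMP message."""
    return False


def allow_pmtud_only(icmp_type, code):
    """Perimeter policy: pass only the ICMP error Path MTU discovery relies on."""
    return (icmp_type, code) == FRAG_NEEDED


def send_df(size, path_mtus):
    """Forward one DF packet. Return None if delivered, else the ICMP error
    (type, code, next-hop MTU) emitted by the router that had to drop it."""
    for mtu in path_mtus:
        if size > mtu:
            return (*FRAG_NEEDED, mtu)
    return None


def discover_path_mtu(path_mtus, inbound_filter, max_tries=5):
    """Return (delivered, packet_size, attempts) for a sender that starts at
    its local link MTU and only shrinks packets when an ICMP error reaches it."""
    size = path_mtus[0]
    for attempt in range(1, max_tries + 1):
        err = send_df(size, path_mtus)
        if err is None:
            return True, size, attempt
        icmp_type, code, next_hop_mtu = err
        if inbound_filter(icmp_type, code):
            size = next_hop_mtu   # sender learns the smaller MTU and retries
        # Otherwise the error dies at the perimeter and the sender
        # retransmits the same oversized packet: a PMTU black hole.
    return False, size, max_tries


if __name__ == "__main__":
    for policy in (deny_all_icmp, allow_pmtud_only):
        print(policy.__name__, discover_path_mtu(PATH_MTUS, policy))
```
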
