Firewall Wizards: Re: ICMP Packets.uy

From: <tqbf_at_pobox.com>
Date: Sat, 6 Jun 1998 03:29:25 -0500 (CDT)

> Inbound Allow:
>
> - echo (type 8/code 0)
> - parameter-problem (12/[0|1])
> - source-quench (4/0)
> - ttl-exceeded (11/[0|1])
>
> Deny all other inbound ICMP.

I don't understand this at all. You're allowing ECHO and, presumably,
outbound TTL-EXCEEDED messages, which are the most obvious avenues for
information gathering attacks, but not allowing arbitrary unreachable
messages (thus breaking path MTU).

Additionally, why are you allowing parameter-problem messages? Are you
allowing your filter to pass packets with IP options? Why?

-----------------------------------------------------------------------------
Thomas H. Ptacek The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
Received on Jun 07 1998
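As an added illustration (not part of the original thread), a small Python policy evaluator that parses ICMP headers, verifies the checksum, and applies the quoted inbound allow-list beside a PMTUD-aware alternative (the alternative is my assumption, not something the thread proposes). It shows the point of the reply: the quoted list passes inbound echo requests but drops the type 3/code 4 fragmentation-needed message that path-MTU discovery depends on.

```python
import struct

# ICMP type/code values (RFC 792, RFC 1191) used in this example
ECHO_REQUEST = 8
DEST_UNREACH = 3
FRAG_NEEDED = 4          # code under type 3: fragmentation needed and DF set (PMTUD)
SOURCE_QUENCH = 4
TIME_EXCEEDED = 11
PARAM_PROBLEM = 12

# The inbound allow-list exactly as quoted in the post: {type: allowed codes}
QUOTED_POLICY = {ECHO_REQUEST: {0}, PARAM_PROBLEM: {0, 1},
                 SOURCE_QUENCH: {0}, TIME_EXCEEDED: {0, 1}}
# PMTUD-aware alternative (assumption, not from the thread): admit destination
# unreachable so fragmentation-needed replies to our outbound traffic get through.
PMTUD_AWARE_POLICY = {DEST_UNREACH: set(range(16)), TIME_EXCEEDED: {0, 1}}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; 0 means a valid packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_icmp(pkt: bytes) -> dict:
    """Parse an ICMP header; reject bad checksums; extract next-hop MTU if frag-needed."""
    if len(pkt) < 8:
        raise ValueError("ICMP header truncated")
    if icmp_checksum(pkt) != 0:
        raise ValueError("ICMP checksum mismatch")
    msg = {"type": pkt[0], "code": pkt[1]}
    if msg["type"] == DEST_UNREACH and msg["code"] == FRAG_NEEDED:
        msg["mtu"] = struct.unpack("!H", pkt[6:8])[0]   # RFC 1191 next-hop MTU field
    return msg

def decide(policy: dict, msg: dict) -> str:
    """Apply an allow-list policy: anything not listed is denied."""
    return "allow" if msg["code"] in policy.get(msg["type"], set()) else "deny"

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Build a minimal ICMP header with a correct checksum (constructed sample data)."""
    hdr = struct.pack("!BBH", icmp_type, code, 0) + rest
    return hdr[:2] + struct.pack("!H", icmp_checksum(hdr)) + hdr[4:]

# Constructed samples: frag-needed advertising next-hop MTU 1280, and an inbound echo request
FRAG_NEEDED_PKT = build_icmp(DEST_UNREACH, FRAG_NEEDED, b"\x00\x00" + struct.pack("!H", 1280))
ECHO_PKT = build_icmp(ECHO_REQUEST, 0, b"\x00\x01\x00\x01")

def evaluate(policy: dict) -> dict:
    samples = (("frag_needed", FRAG_NEEDED_PKT), ("echo_request", ECHO_PKT))
    return {name: decide(policy, parse_icmp(p)) for name, p in samples}
```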