Firewall Wizards mailing list archives

Re: ICMP destination unreachable messages
From: Chunduru Rama Krishna Prasad <rkp () intotoinc com>
Date: Thu, 17 Apr 2003 09:19:42 +0530

Hi all,

      A. Find out the original connection session from ICMP error message.
      B. Do some checks, make sure the number of ICMP error messages is
           less than the packets sent out.
      C. Do rate limiting.
      Maintaining original IP identification numbers for matching with ICMP inner
      IP header IDs may be too much processing and might require good storage.



Max Enders wrote:

Hello,

I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets 
be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.

Thanks,
Max Enders
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
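
Steps A to C from the reply above, sketched as an added example (not code from the thread or from any firewall product): the filter keys sessions on the 5-tuple recovered from the ICMP error's embedded header rather than on the IPID. The class and function names, the token-bucket parameters, and the reading of step B as "errors must not exceed packets sent" are assumptions.

```python
import socket
import struct

def inner_flow(payload):
    """Flow key from an ICMP error's data: inner IPv4 header + first 8 bytes (RFC 792)."""
    if len(payload) < 28 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    proto = payload[9]
    if ihl < 20 or len(payload) < ihl + 8 or proto not in (6, 17):
        return None                      # only TCP/UDP carry ports in those 8 bytes
    src, dst = (socket.inet_ntoa(payload[o:o + 4]) for o in (12, 16))
    sport, dport = struct.unpack_from("!HH", payload, ihl)
    return (proto, src, sport, dst, dport)

class IcmpErrorFilter:                   # hypothetical name, for illustration
    def __init__(self, rate=2.0, burst=2):
        self.sessions = {}               # flow key -> [packets sent, ICMP errors accepted]
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def note_outbound(self, flow):
        """Call for every packet the firewall forwards outward on a session."""
        self.sessions.setdefault(flow, [0, 0])[0] += 1

    def check(self, payload, now):
        flow = inner_flow(payload)
        if flow is None:
            return "drop:malformed"
        sess = self.sessions.get(flow)   # step A: map the error to its session
        if sess is None:
            return "drop:no-session"
        if sess[1] >= sess[0]:           # step B: never more errors than packets sent
            return "drop:excess"         # (assumed reading: a replay past this is dropped)
        # step C: global token bucket; `now` is passed in so the logic is testable
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return "drop:rate"
        self.tokens -= 1
        sess[1] += 1
        return "accept"

def sample_error(src, sport, dst, dport, ipid=0x1234):
    """Constructed sample: inner TCP/IPv4 header plus 8 bytes, as quoted in an ICMP error."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ipid, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", sport, dport, 1)
```
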