mailing list archives
ICMP (was: daily internet traffic report)
From: Frank de Wit <frankdewit () home nl>
Date: Sun, 17 Oct 2004 20:55:52 +0200
I thought I asked a question ; the answer 'yes' should have been
Just joking, let's ask two other questions:
-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
I might be wrong, but:
a) do you still think ICMP is a good thing in relation to security (by
b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
Willem Koenings wrote:
do you remember 'firewalking'?
sorry, but firewalking is not icmp-only technique and don't
use full range of icmp types/codes.
by firewalking you use tcp or udp packets (depends, which
protocol acl you want to study) with one bigger TTL than
target and monitor results via icmp type 11.
if you really afraid firewalking, then instead of closing
down all icmp you can close down only type 11. and nat
firewall protects you from firewalking anyway.
what i want to say? blindly closing down things is easiest
thing to do. but doing so you are not on the top of the problem
and you don't control things. get down to the problem and fix
things. there's one too many black hole routers in the world
and availability is also an security attribute.
al the best,
Full-Disclosure - We believe in it.
Re: [SPAM] Your daily internet traffic report Willem Koenings (Oct 17)
Re: ICMP (was: daily internet traffic report) Barrie Dempster (Oct 18)
Re: ICMP (was: daily internet traffic report) Ron DuFresne (Oct 18)
Re: ICMP (was: daily internet traffic report) Frank de Wit (Oct 18)
- ICMP (was: daily internet traffic report) Frank de Wit (Oct 17)