Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: ICMP (was: daily internet traffic report)
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Mon, 18 Oct 2004 18:22:48 +0200

Le lun 18/10/2004 à 17:12, james edwards a écrit :
I don't see the reason why it would cause a problem, as firewall is able
to spot ICMP related to server's IP connections as well...
New connections to the server must be implecitally allowed, as there
is no established state to refer to.

I guess that if you want to run a server behind a firewall, then you
have to allow some TCP or UDP connections to it... And you only have to
deal ICMP stuff for thoses connections, as others are prohibited, and
the firewall does this.

I really don't see where the problem is.

My point is just to show that we do have now solutions to filter ICMP in
a smart way that won't break PMTU discovery and stuff that rely on ICMP
messages reception...

PS : I think we could end this offline, we're far away from original
topic :)

PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]