Normally, you would just filter every ICMP traffic and permit what kind of
traffic you want..
And you have to agree with me, some kind of ICMPs messages are just
useless...
2006/10/19, Arturo 'Buanzo' Busleiman <buanzo_at_buanzo.com.ar>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> William McVey wrote:
> > Actually, RFC 2979 (sect 3.1.1) clearly states that it's acceptable for
> > firewalls to block ICMP Echo and Echo Reply messages.
>
> Yes, but I'd say that the problem comes when someone filters ALL of in/out
> ICMP :P
>
> Lots of people still mistake icmp echo request/reply with "icmp", not
> knowing all of the other types.
>
> - --
> Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad
> Informatica
> http://www.buanzo.com.ar | http://www.vivamoslavida.com.ar : Portal
> no-comercial del buen vivir!
> for f in www blog foros linux-consulting vpnmail; do firefox
> http://$f.buanzo.com.ar ; done
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFN9D1AlpOsGhXcE0RAln5AJwMA0BcJv0UYZyjyKeR1izgMMIhBQCeKkl7
> ohGCvhPHTyMTTZNdIik0yyY=
> =62W5
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 19 2006
Intro
