Security Basics mailing list archives

Re: ICMP (Ping)


From: Luca Falavigna <fala83 () libero it>
Date: Thu, 04 Sep 2003 14:56:42 +0200

ICMP ECHO (or PING) is a common type of packet sent through the net to verify if a remote host is available and the medium lags to reach it. Its data is formed by a sequence of letters (abcdef...) according to the number of bytes. As you can see, the payload doesn't include malicious code. Anyway, it is possible to perform an attack. The best-known techniques are Ping of death (packet size is greater than 64Kb) and Ping flooding (an enormous mass of packets sent in a small period of time). If your users need to use ping to verify your server is online, then set a specific firewall rule like the following to filter all packets except your users' ones.

iptables -P INPUT DROP
iptables -A INPUT -p ICMP --icmp-type ping -s trust.host -d your.firewall -j ACCEPT
iptables -A INPUT -p ICMP -j DROP



Luca






Paul Kurczaba wrote:
Are there any security issues for allowing a firewall/router to respond to
Ping from the internet?

-Paul Kurczaba
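
Added example, not part of the original post or thread: a Python check a monitoring script could run over captured IPv4 packets to flag the two conditions the reply names, an ICMP fragment that would reassemble past 64 KB and a burst of echo requests from one source. The packets, the documentation-range addresses and the 5-per-second threshold are constructed assumptions.

```python
import struct
from collections import Counter

MAX_DATAGRAM = 65535      # largest size the IPv4 total-length field can describe
FLOOD_PER_SECOND = 5      # assumed threshold; tune for your own network

def make_packet(src, offset_units, data_len, icmp_type=8):
    """Build a constructed IPv4+ICMP packet (sample data, checksums left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, 1,
                         offset_units, 64, 1, 0, bytes(src), bytes([192, 0, 2, 1]))
    letters = bytes(97 + i % 23 for i in range(data_len))   # "abcdefg..." filler
    icmp = bytes([icmp_type, 0, 0, 0, 0, 1, 0, 1])          # only in first fragment
    return header + (icmp + letters[:-8] if offset_units == 0 else letters)

def parse(packet):
    """Return (src, protocol, fragment byte offset, header length, data length)."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return ".".join(map(str, src)), proto, (flags_frag & 0x1FFF) * 8, ihl, total_len - ihl

def is_ping_of_death(packet):
    """True if an ICMP fragment would push the reassembled datagram past 65535 bytes."""
    _, proto, offset, ihl, data_len = parse(packet)
    return proto == 1 and ihl + offset + data_len > MAX_DATAGRAM

def flood_sources(timed_packets, limit=FLOOD_PER_SECOND):
    """timed_packets: (unix_time, packet). Sources over `limit` echo requests in one second."""
    counts = Counter()
    for ts, pkt in timed_packets:
        src, proto, offset, ihl, _ = parse(pkt)
        if proto == 1 and offset == 0 and pkt[ihl] == 8:    # ICMP type 8 = echo request
            counts[(src, int(ts))] += 1
    return sorted({src for (src, _), n in counts.items() if n > limit})

# Constructed sample traffic
NORMAL = make_packet([198, 51, 100, 7], 0, 64)
OVERSIZED = make_packet([203, 0, 113, 9], 8189, 1480)       # offset 65512 + 1480 bytes
TRAFFIC = [(100.0 + i / 20, make_packet([203, 0, 113, 9], 0, 64)) for i in range(10)] \
          + [(100.0, NORMAL), (101.0, NORMAL)]

if __name__ == "__main__":
    print("oversized fragment flagged:", is_ping_of_death(OVERSIZED))
    print("flooding sources:", flood_sources(TRAFFIC))
```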




