Where can i find all the fields like ip_len, icmp_type.... ????
Where can i find all the values of these fields ?????
---------------------- Envoy� par Stephane ROMERO/TOPINFO le 20/01/99 14:47
---------------------------
Franck Veysset <[EMAIL PROTECTED]> on 20/01/99 13:21:50
Pour : [EMAIL PROTECTED]
cc : Chris Tobkin <[EMAIL PROTECTED]> (ccc : Stephane ROMERO/TOPINFO)
Objet : Re: A simple way to filtering ICMP packets bigger than 64 bytes
Content-type: text/plain; charset�-ascii
Chris Tobkin wrote:
>
> Not necessarily. I'd interpret the question is more along the lines of:
> "I have a machine that is vulnerable to the ping-of-death attack inside
my
> network protected by a firewall. What can I use to filter icmp packets
that
> are larger than 64 bytes (and therefore deemed invalid)" because some
OSes are
> not vulnerable to the ping-of-death DoS and therefore they can protect
ones
> that are.. (depending on the firewall/filter app being used it may be
able to
> run on and protect machines that ARE vulnerable)
>
> > On Mon, 18 Jan 1999, tito wrote:
> >
> > > Hi,
> > > I'm looking for a way to block ICMP Packets bigger than 64 bytes.
> > > I'm using NetBSD and its IPF.
> > > If You have any suggestion I will appreciate a lot :) thanks.
> > >
> > >
> > > Tito Magaldi
Balbi
>
> I'm currently seeing nothing in FW-1.. (but i deny all outside icmp
anyways..)
> anyone else?
>
> // chris
> [EMAIL PROTECTED]
>
> *************************************************************************
> Chris Tobkin [EMAIL PROTECTED]
> Java and Web Services - Academic and Distributed Computing Services - UMN
> -----------------------------------------------------------------------
> "Thanks to the printing press, the deviant smart people were able to
> distribute their genius without having to pass it on genetically.
> Evolution was short-circuited. We gained knowledge and
> technology without gaining intelligence." - Scott Adams
> *************************************************************************
I think there are things to do with the Inspect code in FW1:
-Define a service of type Other. Put the following in the match field:
icmp, ip_len > 100
This will match any ICMP packets greater than 100 bytes in length
including headers). Create a rule with this new service to drop the packet.
-Franck
_/_/_/_/
_/_/_/_/ CNET -- France Telecom
_/_/_/_/
Franck Veysset, IP Security
E-Mail : [EMAIL PROTECTED]
Phone +33 (0)1 45 29 55 08 , Fax +33 (0)1 45 29 65 19
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
