Actually, most of the currently offered systems I've read about filter ICMP
by default. Most of them will allow ICMP from the internal network out -
and of course, their responses. But most severely restrict inbound ICMP
packets. Especially ping!
If a firewall doesn't even give you the ability to filter ICMP packets, you
should look elsewhere. There are plenty of good packages out there that
give you all those abilities. Without the ability to filter those packets,
your networks can be mapped with ping sweeps. And like us, you could
unintentionally be used as a denial-of-service attacker using pings. BE
SURE YOU FILTER INBOUND ICMP!!!
Good luck.
Chuck
-----Original Message-----
From: Sujeet Nayak [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 31, 1999 7:31 AM
To: [EMAIL PROTECTED]
Subject: ICMP filtering
Hi,
I see that most of the firewalls pass ICMP messages without filtering. Some
of them offer filtering option only for the PING message. Does anybody know
the firewalls that deny ICMP messages? Btw, is there any harm if I buy a
firewall that allows all the ICMP packets to go through into and out of the
private network.
Thanks
Sujeet
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
