Why filter ICMP when you can configure your hosts/routers not to respond
to an ECHO request on the broadcast address?

At 01:15 PM 9/1/99 -0400, Burton Rosenberg wrote:
>
>we had a problem w/ smurfing and ping. a ping to a network address generates
>a lot of traffic back to the source. in the case of a simple, non-crucial
>network, it could then be used as a launch pad for a smurf attack on a third
>address.
>
>that is, the ping can be sent w/ a false source address.
>
>-burt
>
>
>> -----Original Message-----
>> From: Sujeet Nayak [SMTP:[EMAIL PROTECTED]]
>> Sent: Wednesday, September 01, 1999 1:05 AM
>> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>> Subject: More on ICMP filtering
>>
>> Hi,
>> Thanks for the response, albeit most of them pinned only Ping as the danger
>> in allowing ICMPs into the network. It's true that by default the firewall
>> should block all ICMP messages. But my private network environment is very
>> small and simple. I have no routers inside. A simple LAN. So can ICMPs,
>> other than Ping, do any damage if they are given unrestricted access? I
>> looked at a lot of materials on the internet but could not get any convincing
>> replies that any message other than Ping could do any substantial damage
>> into my network.
>>
>> Does anybody have any other thoughts or experienced problems with any other
>> ICMP messages?
>>
>> Thanks in advance
>>
>> Sujeet
>>
>> >Hi,
>> >I see that most of the firewalls pass ICMP messages without filtering.
>> >Some of them offer filtering option only for the PING message. Does anybody
>> >know the firewalls that deny ICMP messages? Btw, is there any harm if I buy a
>> >firewall that allows all the ICMP packets to go through into and out of the
>> >private network.
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>
>
Joel Gridley "Be the packet."
Network Security/Firewall Specialist
GTE Internetworking, "Powered by BBN."
Burlington, MA
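
The echo-to-broadcast case discussed in this thread, as an added example that is not part of the original messages: a detector that flags ICMP echo requests addressed to the network or directed-broadcast address of a protected subnet, which depends on the prefix length and is not always `.255`. The subnets, the log-line format and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: protected subnets (RFC 5737 documentation ranges).
PROTECTED = [ipaddress.ip_network("192.0.2.0/24"),
             ipaddress.ip_network("198.51.100.64/26")]
ICMP_ECHO_REQUEST = 8

def broadcast_target(dst, networks=PROTECTED):
    """Return (network, kind) if dst is the network or directed-broadcast
    address of a protected subnet, else None."""
    addr = ipaddress.ip_address(dst)
    for net in networks:
        if net.prefixlen >= 31:  # /31 and /32 have no broadcast address
            continue
        if addr == net.broadcast_address:
            return net, "broadcast"
        if addr == net.network_address:
            return net, "network"
    return None

def flag_echo_to_broadcast(lines, networks=PROTECTED):
    """Return one finding per echo request sent to a network/broadcast address."""
    findings = []
    for line in lines:
        src, dst, icmp_type = line.split()
        if int(icmp_type) != ICMP_ECHO_REQUEST:
            continue
        hit = broadcast_target(dst, networks)
        if hit:
            # The source is only "claimed": it may be false, as the thread notes.
            findings.append({"claimed_src": src, "dst": dst,
                             "subnet": str(hit[0]), "kind": hit[1]})
    return findings

# Constructed log lines in the assumed format "<source> <destination> <icmp type>".
SAMPLE_LOG = [
    "203.0.113.7 192.0.2.255 8",     # echo request to the /24 broadcast
    "203.0.113.7 192.0.2.10 8",      # ordinary unicast ping
    "203.0.113.7 198.51.100.127 8",  # echo request to the /26 broadcast
    "203.0.113.9 198.51.100.64 8",   # echo request to the /26 network address
    "192.0.2.10 203.0.113.7 0",      # echo reply, ignored
    "203.0.113.7 198.51.100.255 8",  # .255 is outside the /26, not flagged
]

if __name__ == "__main__":
    for finding in flag_echo_to_broadcast(SAMPLE_LOG):
        print(finding)
```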