Just a thought: Would there really be any other reason besides an
attack or testing to have a really large ICMP packet?
Carric Dooley
Network Security Consultant
"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)
----- Original Message -----
From: "Sorin Florea" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 23, 2000 9:31 AM
Subject: Re: ICMP fragments.
>
> I should have mentioned that I work for an ISP and I can't stop
> echo requests.
> If someone sends an ICMP packet large enough I believe it will be
> fragmented. While tcpdump-ing on one of my router's interfaces I saw
> something like that but it stopped fast so I couldn't get "a closer
> look". I suppose it was the ending of a flood.
>
> -------------------------
> Sorin Florea
> e-mail: [EMAIL PROTECTED]
> Romania Data Systems
> Constanta
> -------------------------
>
> On Fri, 23 Jun 2000 [EMAIL PROTECTED] wrote:
>
> > On 23 Jun, Sorin Florea wrote:
> > >
> > > Is there any reason to let ICMP fragments pass through my
> > > firewall? I think ipchains with -f option will kill them but
> > > only beginning with the second.
> > > I'm also blockin' ICMP protocol unreachable and port
> > > unreachable. What other ICMP packets can I safely block?
> > > Thanks.
> > >
> > > -------------------------
> > > Sorin Florea
> > > e-mail: [EMAIL PROTECTED]
> > > Romania Data Systems
> > > Constanta
> > > -------------------------
> > >
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > ..... ICMP "fragments"? I wasn't aware they existed...
> >
> > You can block echo requests, timestamp requests, and address-mask
> > requests. In fact, you _should_ block those.
> >
>
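The point raised in the thread, that a fragment match such as ipchains `-f` only applies from the second fragment on, can be seen by classifying raw IPv4 headers. The following is an added example, not code from any poster in the thread: the packets and addresses are constructed samples, and the `matched_by_f` field is a hypothetical name that models "second and further fragments" matching.

```python
import struct

ICMP, MF, OFFSET_MASK = 1, 0x2000, 0x1FFF  # protocol number, more-fragments flag, offset bits

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet by its fragmentation state."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    ident, flags_off = struct.unpack("!HH", packet[4:8])
    offset = (flags_off & OFFSET_MASK) * 8  # the field counts 8-byte units
    if offset > 0:
        kind = "later-fragment"
    elif flags_off & MF:
        kind = "first-fragment"
    else:
        kind = "unfragmented"
    is_icmp = packet[9] == ICMP
    # The ICMP type byte exists only in the piece that starts at offset 0.
    icmp_type = packet[ihl] if is_icmp and offset == 0 and len(packet) > ihl else None
    # matched_by_f (hypothetical name): true only for second and further fragments.
    return {"id": ident, "kind": kind, "offset": offset, "icmp": is_icmp,
            "icmp_type": icmp_type, "matched_by_f": offset > 0}

def build(ident, offset_bytes, more, payload, proto=ICMP):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_off = (MF if more else 0) | (offset_bytes // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def sample():
    """Constructed 3000-byte echo request split for a 1500-byte MTU, plus a normal ping."""
    icmp = bytes([8, 0, 0, 0, 0, 1, 0, 1]) + b"A" * 2992
    frags = [build(0x1234, 0, True, icmp[0:1480]),
             build(0x1234, 1480, True, icmp[1480:2960]),
             build(0x1234, 2960, False, icmp[2960:])]
    small = build(0x1235, 0, False, bytes([8, 0, 0, 0, 0, 1, 0, 2]) + b"B" * 56)
    return [classify(p) for p in frags + [small]]

if __name__ == "__main__":
    for row in sample():
        print(row)
```

The first fragment is the only piece that carries the ICMP type, so a type-based rule can act on it, while the later pieces can only be matched as fragments.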