I would barr ICMP apart destination unreachable and packets too large. A
chap I think he called Lance on this group as written a paper about this. If
I find the url again I will pass it to the list.
-----Original Message-----
From: Justin Derry [mailto:[EMAIL PROTECTED]]
Sent: 15 June 2000 02:45
To: [EMAIL PROTECTED]
Subject: [FW1] ICMP
we host over 300 web sites within a firewall protected area.
Does anyone have any feelings / thoughts on not allowing icmp/trace route
traffic
through to these sites and only allowing http/https traffic
Cheers
Justin Derry
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
*******************************************************************************************************
Any opinions expressed in the email are those of the individual and not necessarily the
City Of Salford. This email and any files transmitted with it are confidential and
solely for the use of the intended recipient.
It may contain material protected by solicitor-client privilege. If you are not the
intended recipient or the person responsible for delivering to the intended recipient,
be advised that you have received this email in error and that any use is strictly
prohibited. If you have received this email in error please notify the IT manager by
telephone on +44 (0) 1617933906.
********************************************************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
