And don't forget about all of the trojans that can use unused ICMP
datagram space to remotely control compromised
machines......Loki...BO2k...etc.
Jason
William Schwartz wrote:
>
> Personally, it's my feeling that you only let in the traffic that is
> essential and NOTHING else. While ICMP and Traceroute are seemingly "harmless"
> things to allow, I wouldn't unless there is a very good reason.
>
> Those tools can also be used to "explore" your network and for information
> gathering. Also, there are "ping floods" etc that can be used on a DOS
> attack.
>
> So, I'd say "no" to letting them inbound unless there is a real need.
>
> will
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Justin Derry
> Sent: Wednesday, June 14, 2000 9:45 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] ICMP
>
> We host over 300 web sites within a firewall protected area.
> Does anyone have any feelings / thoughts on not allowing icmp/trace route
> traffic through to these sites and only allowing http/https traffic?
>
> Cheers
> Justin Derry
>
> ============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====