ICMP, statefully inspected, ummm NO
Check out TCP/IP Illustrated... (i.e. read it......)
There are ~17 types of ICMP messages ( that I know of)
If you want to controll ICMP, YOU will need to setup a rule of your own
devising:
maybe something like this.....
S D S A
X Y ICMP Echo Request Allow
Y X ICMP Echo Reply Allow
Date: Wed, 10 Jan 2001 09:59:40 -0500
From: [EMAIL PROTECTED] (Carl E. Mankinen)
Subject: [FW1] ICMP Stateful or NOT ?
I seem to be reading quite a bit that even 4.X does not use stateful
inspection
for ICMP requests. Is this in fact the case, or has CheckPoint corrected
this
in the latest releases?
For them to say that ICMP packets are harmless and thus do not require
stateful inspection is beyond belief (having my doubts they actually said
this...)
ICMP is a perfect method for tunneling control connections for trojans, or
for sending obscured hashed data containing information you wouldn't like
exposed.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
