On 2007/04/26 08:02, Mathieu Sauve-Frankel wrote:
> > I did NOT suggest blocking ALL ICMP, just echo-request and
> > echo-replies from internal hosts to untrusted IPs. Trojans have used
> > echo-request and echo-reply as a method of covert communication. If
> > you had read the original post you'd see that $icmp_types was defined
> > to be echoreq.
> >
> > I don't think this is FUD.
>
> Don't forget to also configure your firewalls to block traffic with the
> evil bit set. :-)

watch out, this causes problems for clients behind rfc3514-compliant NAT...