A Cisco PIX Firewall will allow you to define which type(s) (all 18) of
ICMP traffic that you want stopped or allowed. You can further that with
ICMP access-lists to really secure and lock down your perimeter.You can
also set the PIX to log all denied ICMP attempts. That way you get to
size packets, that could amount to a DoS
and flood the bandwidth.
-Original Message-
From: Omar Koudsi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 5:30 PM
To: eko yulianto; [EMAIL PROTECTED]
Subject: RE: securing icmp protocol
IMHO, ICMP traffic in nature isn't
.
Checkpoint Firewall-1 has the ability to do this at an Application-Level.
Hope this helps
chris
-Original Message-
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 7:51 PM
To: 'eko yulianto'; [EMAIL PROTECTED]
Subject: RE: securing icmp protocol
I don't think you can secure
.
Checkpoint Firewall-1 has the ability to do this at an Application-Level.
Hope this helps
chris
-Original Message-
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 7:51 PM
To: 'eko yulianto'; [EMAIL PROTECTED]
Subject: RE: securing icmp protocol
I don't think you can secure
I don't think you can secure an insecure protocol. Define secure? You
mean you want to encrypt your icmp traffic? What is the problem with
ICMP traffic? If you want to disable anything try (type 8???) ping
packets. I am pretty sure (as you stated) you need the rest for
functionality. Are
IMHO, ICMP traffic in nature isn't secure. Your best bet would be to block
at your firewall, that's if you are talking about securing ICMP traffic from
the internet.
---
Omar Koudsi
IT Architect
Network Security Center
Special Systems Company
http://security.sscjo.com
[EMAIL PROTECTED]
