Hola, parece una buena opci�n, espero m�s opiniones... Por un sitio: [RFC1700]
0Echo Reply[RFC792] 1Unassigned[JBP] 2Unassigned[JBP] 3Destination Unreachable[RFC792] 4Source Quench[RFC792] 5Redirect[RFC792] 6Alternate Host Address[JBP] 7Unassigned[JBP] 8Echo[RFC792] 9Router Advertisement[RFC1256] 10Router Selection[RFC1256] 11Time Exceeded[RFC792] 12Parameter Problem[RFC792] 13Timestamp[RFC792] 14Timestamp Reply[RFC792] 15Information Request[RFC792] 16Information Reply[RFC792] 17Address Mask Request[RFC950] 18Address Mask Reply[RFC950] 19Reserved (for Security)[Solo] 20-29Reserved (for Robustness Experiment)[ZSu] 30Traceroute[RFC1393] 31Datagram Conversion Error[RFC1475] 32Mobile Host Redirect[David Johnson] 33IPv6 Where-Are-You[Bill Simpson] 34IPv6 I-Am-Here[Bill Simpson] 35Mobile Registration Request[Bill Simpson] 36Mobile Registration Reply[Bill Simpson] 37Domain Name Request[Simpson] 38Domain Name Reply[Simpson] 39SKIP[Markson] 40Photuris[Simpson] 41-255Reserved[JBP] Por otro: # ipchains -h icmp ipchains 1.3.9, 17-Mar-1999 Valid ICMP Types: echo-reply (pong) destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS-host-redirect echo-request (ping) router-advertisement router-solicitation time-exceeded (ttl-exceeded) ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply ----- Original Message ----- From: "Hue-Bond" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, September 26, 2001 11:14 PM Subject: Re: [OT] Filtrar paquetes ICMP Alfonso, mi�rcoles 26 de septiembre de 2001 a la(s) 21:03:41 +0200: > >En un firewall, qu� paquetes ICMP se deber�an dejar pasar y cuales no? �hay >alg�n riesgo si se dejan pasar los "echo request" para que la gente sepa si >est� viva la m�quina? En input tengo todos bloqueados excepto los de tipos 0, 3, 11, 14, 16 y 18. Sobre el tipo 5 tengo dudas. En output permito todo. M�s info en el RFC 792 :^). -- David Serrano <[EMAIL PROTECTED]> - Linux Registered User #87069 _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
