Sweeney, Patrick enscribed thusly:
> There are two dangers to allowing ICMP through the firewall that spring
> immediately to mind.
> The first is that you could subject yourself to Denial of Service (DoS)
> attacks like the ping of death.
Blocking ALL ICMP, including "ICMP unreachable/would fragment",
may break MTU discovery and potentially create its own brand of DoS or
severely degraded service.
> The second is you could give a cracker an avenue to discover topological
> information about your network. I don't consider that too much of a threat in my
> environment since I make that information easily available internally anyway
> but you may feel differently in your environment.
> I believe Axent Raptor firewall blocks ICMP.
> -----Original Message-----
> From: Sujeet Nayak [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 31, 1999 8:31 AM
> To: [EMAIL PROTECTED]
> Subject: ICMP filtering
> Hi,
> I see that most of the firewalls pass ICMP messages without filtering. Some
> of them offer filtering option only for the PING message. Does anybody know
> the firewalls that deny ICMP messages? Btw, is there any harm if I buy a
> firewall that allows all the ICMP packets to go through into and out of the
> private network.
> Thanks
> Sujeet
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
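
The trade-off discussed in this thread, as an added example that is not part of either poster's message: an inbound ICMPv4 filter decision that drops echo requests but still passes "destination unreachable / fragmentation needed" so path MTU discovery keeps working. The function names, the decision to also accept time exceeded, and the sample packets are assumptions made for illustration.

```python
import struct

ECHO_REQUEST, DEST_UNREACH, TIME_EXCEEDED = 8, 3, 11
FRAG_NEEDED = 4  # code under type 3: "fragmentation needed and DF set"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_inbound(icmp: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one inbound ICMPv4 message (IP header removed)."""
    if len(icmp) < 8:
        return "drop", "truncated header"
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        return "drop", "bad checksum"
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", icmp[:8])
    if icmp_type == DEST_UNREACH:
        if code == FRAG_NEEDED:
            mtu = rest & 0xFFFF  # RFC 1191 next-hop MTU field
            return "accept", f"path MTU discovery, next-hop MTU {mtu}"
        return "accept", "destination unreachable"
    if icmp_type == TIME_EXCEEDED:  # assumption: allowed by this sample policy
        return "accept", "time exceeded"
    if icmp_type == ECHO_REQUEST:
        return "drop", "inbound echo request"
    return "drop", "type not on allow list"

def build(icmp_type: int, code: int, rest: int, payload: bytes = b"") -> bytes:
    """Construct a sample message with a valid checksum (test data only)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, rest)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, rest) + payload

if __name__ == "__main__":
    samples = {  # constructed packets, not captured traffic
        "frag needed": build(DEST_UNREACH, FRAG_NEEDED, 1400, b"E" * 28),
        "echo request": build(ECHO_REQUEST, 0, 0x00010001, b"abcd"),
    }
    for name, pkt in samples.items():
        print(name, classify_inbound(pkt))
```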