Apart from the other two possible harms as pointed out in previous mails
, by allowing ICMP traffic, there are chances of using ICMP for covert
channels. Its very difficult to detect these channels. Because the attacker
uses these channels for transferring data. What the attacker can do is run
trojan in the internal network, which will receive icmp traffic. And then
communicate with external world through the covert channel(ie ICMP).
The explanation of this attack is given in a project called Loki. You
can find it in rootshell.com.
So it is better to block ICMP traffic.
-Shashidhar
Sujeet Nayak wrote:
> Hi,
> I see that most of the firewalls pass ICMP messages without filtering. Some
> of them offer filtering option only for the PING message. Does anybody know
> the firewalls that deny ICMP messages? Btw, is there any harm if I buy a
> firewall that allows all the ICMP packets to go through into and out of the
> private network.
>
> Thanks
>
> Sujeet
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
