-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Not all pings are bad pings. ICMP protocol can be used for a number
of things. ICMP is just another IP Protocol, like TCP. Check out :
http://www.isi.edu/in-notes/iana/assignments/icmp-parameters
In order to prevent thwe rule base from growing longer than need be,
Checkpoint have given you a property to allow ICMP, bvut this is
dangerous in the extreme, without specifying that external hosts are
denied ICMP protocol.
- -----Original Message-----
From: Reynolds, Tom [mailto:[EMAIL PROTECTED]]
Sent: Friday, 13 October 2000 5:57 a.m.
To: 'Tom Sevy'; 'Dan Hitchcock'; 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death
If you know who the clients are, why use "any" when you could define
their
IPs as an object and only allow that object to ICMP?
Thomas E. Reynolds
Pilgrim Baxter and Associates
Network Engineering
PHONE: 610-578-1581
[EMAIL PROTECTED]
- -----Original Message-----
From: Tom Sevy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 12, 2000 12:29 PM
To: 'Dan Hitchcock'; 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death
Unfortunately we have clients that insist on being able to ping our
hosts
for status.
- -----Original Message-----
From: Dan Hitchcock [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 12, 2000 11:51 AM
To: 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death
Why on earth would you want to allow PING from ANY? If you must do
this,
ping of death is one of the associated risks. The best you can do is
make
sure the OS on all ping-able boxes has all the latest security
patches
applied.
Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
425.456.3970
The work/life solution for corporate thought leaders
- -----Original Message-----
From: Scott Becker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 11, 2000 8:56 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Ping of Death
Hi, we'd like to allow ping from ANY however we want to avoid Ping of
Death.
Is there any way i can do this ?
Thanks.
______________________________________________________________________
___
Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
======================================================================
======
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
======================================================================
======
====
======================================================================
======
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
======================================================================
======
====
======================================================================
======
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
======================================================================
======
====
======================================================================
==========
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
======================================================================
==========
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOeV/IoAS1Tpq5ZYvEQLBwwCg0xSS2Vzmynah6W5APgynpI/9i6IAoJNL
ZBFbly7wNm/O+xJA44oadwJr
=1XMS
-----END PGP SIGNATURE-----
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
