There is not alot of information as to why you would not just take ICMP completly off the network. But this might help. If you have something like a Checkpoint Firewall for example on a gateway, The firewall can actually read into the packets and allow ICMP while disallowing redirects. Checkpoint Firewall-1 has the ability to do this at an Application-Level. Hope this helps
chris -----Original Message----- From: leon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 7:51 PM To: 'eko yulianto'; [EMAIL PROTECTED] Subject: RE: securing icmp protocol I don't think you can secure an insecure protocol. Define secure? You mean you want to encrypt your icmp traffic? What is the problem with ICMP traffic? If you want to disable anything try (type 8???) ping packets. I am pretty sure (as you stated) you need the rest for functionality. Are you worried about some kind of covert channel attack like loki? Leon -----Original Message----- From: eko yulianto [mailto:[EMAIL PROTECTED]] Sent: Monday, November 05, 2001 9:22 PM To: [EMAIL PROTECTED] Subject: securing icmp protocol Hello, Is there anyone can telling me how to make icmp traffic secure? because I thought if I disallowed all icmp traffic in my network I will get headache if I have to checking connection when the network problem occur, thank's. Eko Yulianto IT Security Menara Asia 3rd Floor Diponegoro 101, Lippo Karawaci Tangerang, Indonesia Phone: +62.21.5460666 ext.5335 Fax: +62.21.5460660 Post Office: 15810 E-mail:[EMAIL PROTECTED]
