Firewalls: Re: ICMP Source Quench

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: ICMP Source Quench
From:	Paul Ferguson <pferguso @ cisco . com>
Date:	Wed, 05 Jun 1996 08:02:22 -0400
To:	bobk @ manzanita . DEV . 3Com . COM (Bob Konigsberg)
Cc:	firewalls @ GreatCircle . COM

My vote is to block it. I 'primitive' is an accurate description of
the effectiveness of icmp source-quench.  :-)

- paul

At 04:26 AM 6/5/96 PDT, Bob Konigsberg wrote:

>I've noticed a lot of ICMP Source Quench packets in my firewall logs. They
>are (or were more precisely) outbound.  My references say that this is a
>primitive form of flow control.  What are people's experiences with allowing
>this as an outbound packet.  I don't see any security risk offhand, but
>I'd like to know what others have seen.  Does anyone know of any security
>weaknesses related to Source Quench?
>
>Thanks,
>
>BobK
>

--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Reston, Virginia   USA                                 ||||      ||||
tel: +1.703.716.9538                               ..:||||||:..:||||||:..
e-mail: pferguso @
 cisco .
 com                         c i s c o S y s t e m s

Indexed By Date	Previous:	ICMP Source Quench From: bobk @ manzanita . DEV . 3Com . COM (Bob Konigsberg)
Indexed By Date	Next:	IANA private network numbers .. From: akakinad @ ccd . harris . com (Achari U.M. Kakinada)
Indexed By Thread	Previous:	ICMP Source Quench From: bobk @ manzanita . DEV . 3Com . COM (Bob Konigsberg)
Indexed By Thread	Next:	Re: ICMP Source Quench From: George Matovu <George_Matovu @ INS . COM>