Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: Firewalls-Digest V5 #510
From: "Clayton Haapala" <clayh @ tenfwd . netco . com>
Organization: Netco Communications Corp.
Date: Tue, 17 Sep 1996 14:34:14 -0500
To: Firewalls @ GreatCircle . COM
In-reply-to: "Paul D. Robertson" <proberts @ clark . net> "Re: Firewalls-Digest V5 #510" (Sep 13, 9:19am)
References: <Pine . GSO . 3 . 95 . 960913091545 . 25086B-100000 @ clark . net>
Reply-to: clayh @ netco . com

On Sep 13,  9:19am, Paul D. Robertson wrote:
>
> You won't always get ICMP back, some of us put legitimate hosts behind
> firewalls that won't give you the pleasure of finding out which addresses
> are open for attack.

Giving out ICMP for all hosts in the bank of addresses for which you are
responsible (whether they exist or not) is about the same as giving out none,
is it not?  The information is useless to an attacker, but greases the
connection machinery better.

> You'd also leave yourself open to ICMP host
> unreachable/network unreachable Denial Of Service attacks.

No doubt -- I agree.



-- 
Clayton Haapala  (clayh @ netco . com)  http://www.wam.net
Netco Communications Corp.          Go ahead and get some coffee.  But, don't
Minneapolis, MN  55401 USA          worry about caffeine -- WAM!NET won't give
612-204-3143                        you time to drink much.
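
Added example, not part of the original message: a small model of the point argued above, measuring how much a probe sweep reveals about which addresses hold real hosts under three response policies. The address block, the set of live hosts and the policy names are constructed for illustration, and the "drop_live_only" case assumes an upstream router reports unused addresses as unreachable while the firewall stays silent for real hosts.

```python
import math
from collections import Counter

# Constructed sample block (documentation range); only three addresses hold hosts.
BLOCK = [f"192.0.2.{i}" for i in range(16)]
LIVE = {"192.0.2.1", "192.0.2.5", "192.0.2.9"}

# Each policy maps "is a protected host present?" to what a prober observes.
POLICIES = {
    # Assumed baseline: silence for real hosts, router-generated ICMP for the rest.
    "drop_live_only": lambda live: "timeout" if live else "icmp_unreachable",
    # Silence for every address in the block.
    "drop_everything": lambda live: "timeout",
    # ICMP for every address in the block, whether a host exists or not.
    "icmp_for_everything": lambda live: "icmp_unreachable",
}


def observe(policy):
    """Return the response a prober sees for each address in the block."""
    return {addr: POLICIES[policy](addr in LIVE) for addr in BLOCK}


def leaked_bits(policy):
    """Mutual information I(host present; response) per probed address, in bits."""
    obs = observe(policy)
    n = len(BLOCK)
    joint = Counter((addr in LIVE, resp) for addr, resp in obs.items())
    p_live = Counter(addr in LIVE for addr in BLOCK)
    p_resp = Counter(obs.values())
    return sum(
        (c / n) * math.log2(c * n / (p_live[l] * p_resp[r]))
        for (l, r), c in joint.items()
    )


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:22s} leaks {leaked_bits(name):.3f} bits per address")
```

Both uniform policies leak zero bits, so they are equivalent from the prober's side; the difference is that a client hitting the ICMP policy fails immediately instead of waiting for a timeout.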

