Why ICMP? Im curious what inherent risk that would present.
I too am setting up a screening firewall, but I want to allow pings to
traverse the external router. (any advice on how to filter all ICMP
except
pings?)
>----------
>From: Ricardo Alvarado[SMTP:ralvarado @
avantel .
com .
mx]
>Sent: Friday, January 03, 1997 10:20 AM
>To: firewalls @
GreatCircle .
COM
>Subject: Re: internal filtering router - filter config?
>
>>What type of things would you filter on the internal router? or even
>>the external router? I am going to be installing a firewall real soon
>>and would really appreciate any help.
>>
>>-steve.
>>matkoski @
dreamscape .
com
>
>In your external router you'd block any ICMP traffic going back and
>forth, as well as any packets bearing one of your internal IP addresses,
>as a source address, especially if these are going INTO your protected
>network. Also, kill telnets, fingers, snmp and snmp trap. Actually, kill
>any ports that your users will not be using, andl leave just mail, web,
>ftp, etc.
>
>ricardo
>ralvarado @
avantel .
com .
mx
>
>
Follow-Ups:
|
|
