Please forgive me if this subject has been discussed before, but I'm
a new recruit to this list.
My query is about ICMP and firewalls - what I need to block and what
I need to allow. I have been told that if a firewall allows ICMP
traffic then it is possible to discover or compromise its routing
tables (and thence fool anti-spoofing rules) - therefore turn it off.
I have also been told that ICMP is used by some routers (incl. our
ISP) to monitor its network and route trip times - therefore turn it
on if you want efficient routing to your firewall from the Internet.
I am aware that there is more than one type of ICMP message; we have
been looking at Firewall-1 and it identifies the following ICMP
services:
echo-request     mask-request
echo-reply       mask-reply
info-req         param-prblm
info-reply       source-quench
redirect         timestamp
dest-unreach     timestamp-reply
time-exceeded
Which of these would be OK, and which not?
Any help or comments would be gratefully appreciated.
Richard Bignell
Sun Alliance
rjb @ pop . sunalliance . com
[Standard Disclaimer Applies]