Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Ping through firewall [was: NCSA certification]
From: Bob Beck <beck @ obtuse . com>
Date: Fri, 22 Nov 1996 08:48:36 -0700 (MST)
To: carlson @ cycon . com (Chris Carlson)
Cc: firewalls @ GreatCircle . com
In-reply-to: <Pine . LNX . 3 . 93 . 961120091906 . 9698C-100000 @ cypress . cycon . com> from "Chris Carlson" at Nov 20, 96 09:38:57 am

> 
> On Tue, 19 Nov 1996, CMIS 370-5161 Student 06 wrote:
> 
> > Please do not ping through your firewall.  It opens all sorts of
> > doors....a good firewall will not let you ping through it.
> > 
> 
> This is a personal opinion, especially when using firewalls that
> either only allow or disallow pinging and traceroutes.  Disallowing
> prevents outside people from gaining information about your network or
> attempting to set up bogus IP source routing on misconfigured routers, but
> it limits functionality of inside users.  And vice versa for allowing
> outbound ICMP: lets people ping, but opens potential security holes.
> 

	Not if you proxy it, simply allow the proxying of
ping/traceroute from your trusted to your untrusted, and not
vice-versa.

	-Bob
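
The one-way policy described in the reply above, modelled as an added example (not part of the original message and not any firewall product's code). The class name `IcmpProxyPolicy`, the 5-second timeout and the sample addresses are assumptions, and traceroute is assumed to use ICMP echo probes.

```python
import time
from dataclasses import dataclass, field

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11  # ICMP types (RFC 792)


@dataclass
class IcmpProxyPolicy:
    """Hypothetical model: only trusted-side hosts may originate ping/traceroute."""
    timeout: float = 5.0  # assumed lifetime of an outstanding probe, in seconds
    # (inside host, outside target, ICMP id, ICMP seq) -> expiry time
    pending: dict = field(default_factory=dict)

    def outbound(self, src, dst, icmp_type, ident, seq, now=None):
        """Trusted -> untrusted: only echo requests leave, and each is recorded."""
        now = time.monotonic() if now is None else now
        if icmp_type != ECHO_REQUEST:
            return "drop"
        self.pending[(src, dst, ident, seq)] = now + self.timeout
        return "forward"

    def inbound(self, src, dst, icmp_type, ident, seq, quoted_dst=None, now=None):
        """Untrusted -> trusted: forward only answers to a recorded probe.

        For TIME_EXCEEDED, ident/seq/quoted_dst come from the original header
        quoted inside the ICMP error; src is the intermediate router.
        """
        now = time.monotonic() if now is None else now
        if icmp_type == ECHO_REPLY:
            key = (dst, src, ident, seq)
        elif icmp_type == TIME_EXCEEDED and quoted_dst is not None:
            key = (dst, quoted_dst, ident, seq)
        else:
            return "drop"  # includes every echo request from the untrusted side
        expiry = self.pending.pop(key, None)  # one answer per probe
        return "forward" if expiry is not None and now <= expiry else "drop"


if __name__ == "__main__":
    fw = IcmpProxyPolicy()
    inside, outside = "10.0.0.5", "192.0.2.9"  # constructed sample addresses
    print(fw.outbound(inside, outside, ECHO_REQUEST, 1, 1, now=0.0))
    print(fw.inbound(outside, inside, ECHO_REPLY, 1, 1, now=1.0))
    print(fw.inbound(outside, inside, ECHO_REQUEST, 9, 1, now=2.0))
```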

