ICMP/ Firewall issue

Stephen Carville carville at ugsolutions.com
Thu Oct 19 17:12:49 UTC 2000


On Thu, 19 Oct 2000, Peter Svensson wrote:

-
-On Thu, 19 Oct 2000, Igmar Palsenberg wrote:
-
-> Another case of an admin that thinks that blocking ICMP will make things
-> secure. Well, it won't. Blocking ICMP echo makes sense to me, the rest
-> doesn't and gets you into trouble sooner or later.
-
-There are others as well. Routed ICMP redirects are nonsensical for
-example, at least from outside your net. 

There is also a well-known DoS attack that can be made against NT/9X that
uses ICMP redirects:

http://www.securityportal.com/list-archive/bugtraq/1999/Mar/0041.html

It's pretty old (and I think SP6 fixed it on NT) but probably a lot of
machines are still vulnerable.

-- 
--Stephen Carville
Network Engineer
714-952-5687
===============================================================
The triumph of persuasion over force is the sign of a civilized
society.
===============================================================




More information about the bind-users mailing list