Security Basics mailing list archives
RE: PIX firewall and ICMP
From: "Maher Odeh" <rax () netvision net il>
Date: Thu, 25 Sep 2003 10:24:07 +0200
Hi,

If your divisions use ping to troubleshoot, you can allow a specific type of ICMP and not all ICMP. How about something like this:

    access-list outside permit icmp any any echo-reply

This way you can allow only echo-reply to the system without the need to open all types of ICMP toward the network.

Hope this has been helpful.

-----Original Message-----
From: Cat Thrasher [mailto:isd607 () co santa-cruz ca us]
Sent: Wednesday, September 24, 2003 7:22 PM
To: Security-Basics (E-mail)
Subject: PIX firewall and ICMP

Please advise your opinions on my problem. I had a permit statement on the PIX that would allow ICMP from any to any. Since being hit with Nachi, I turned it off. I am being asked my policy on when it will be turned back on. I have a rather large network and many "divisions" who work independently, yet access the internet thru "my" PIX. They like to use ping when troubleshooting. Can I get an opinion on whether or not I should turn this back on...

Thanks

Cat Thrasher
Network Support Analyst
County of Santa Cruz
831-454-5367
cat.thrasher () co santa-cruz ca us
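
An added example, not part of the original messages: a small Python check that reads PIX `access-list` lines and flags ICMP permits broader than the echo-reply rule suggested in the reply above. The allow-list beyond `echo-reply`, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumption for this example: ICMP types accepted as return traffic for
# outbound ping/traceroute. Only echo-reply comes from the message above.
ALLOWED_TYPES = {"echo-reply", "unreachable", "time-exceeded"}

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+icmp\s+(.+)$", re.I)

def skip_endpoint(tokens):
    """Drop one source/destination spec: 'any', 'host A', or 'A MASK'."""
    if not tokens:
        raise ValueError("missing address")
    width = 1 if tokens[0].lower() == "any" else 2
    if len(tokens) < width:
        raise ValueError("truncated address")
    return tokens[width:]

def audit(config):
    """Return (line_no, acl_name, reason) for each over-broad ICMP permit."""
    findings = []
    for line_no, line in enumerate(config.splitlines(), 1):
        m = ACL_RE.match(line.strip())
        if not m or m.group(2).lower() != "permit":
            continue  # not an ICMP rule, or a deny
        try:
            rest = skip_endpoint(skip_endpoint(m.group(3).split()))
        except ValueError:
            findings.append((line_no, m.group(1), "unparseable ICMP rule"))
            continue
        if not rest:
            # No type keyword after source and destination: all ICMP allowed.
            findings.append((line_no, m.group(1), "permits every ICMP type"))
        elif rest[0].lower() not in ALLOWED_TYPES:
            findings.append((line_no, m.group(1), "permits type " + rest[0]))
    return findings

# Constructed sample configuration (documentation addresses, not real hosts).
SAMPLE = """\
access-list outside permit icmp any any
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any host 192.0.2.10 echo
access-list outside deny icmp any any
access-list outside permit tcp any host 192.0.2.10 eq 80
access-list dmz permit icmp 10.1.0.0 255.255.0.0 any time-exceeded
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d, acl %s: %s" % finding)
```
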