Security Basics mailing list archives

Re: Removing ping/icmp from a network

From: "Mark Owen" <mr.markowen () gmail com>
Date: Tue, 25 Mar 2008 14:12:37 -0400

On Tue, Mar 25, 2008 at 12:56 PM, Hopke, Greg <GHopke () libertymgt com> wrote:

Is ICMP on a LAN insecure?

 I could see lowing it through a firewall or from trusted to non-trusted.

 Greg


Within a trusted LAN, it is completely secure.  As ICMP is handled
directly by the operating system, there have been a few exploits
discovered that can crash a box with a malicious ICMP packet.
However, discovered flaws are not only very old, but have been fixed
on just about every OS.  ICMP is a twenty year old protocol and is
very reliable and helpful.  I wouldn't allow untrust to trust ICMP
outside the firewall, but trust to trust and trust to untrust would be
just fine in most cases.


-- 
Mark Owen

Current thread:

Removing ping/icmp from a network Secure This (Mar 25)
- RE: Removing ping/icmp from a network Hopke, Greg (Mar 25)
  - Re: Removing ping/icmp from a network Mark Owen (Mar 25)
    - Message not available
    - Re: Removing ping/icmp from a network Mark Owen (Mar 25)
    - Re: Removing ping/icmp from a network Fabio Fagundes (Mar 25)
    - RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 26)
    - Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 26)
    - RE: Removing ping/icmp from a network Ramsdell, Scott (Mar 27)
    - Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 27)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 25)
- Re: Removing ping/icmp from a network Jon R. Kibler (Mar 25)
  - Re: Removing ping/icmp from a network Secure This (Mar 26)
    - DoD aproved disk wiping tool JP Vicente (Mar 27)

(Thread continues...)