Firewall Wizards mailing list archives

Re: ICMP Packets.


From: "Don Kendrick" <dkendrick () mindspring com>
Date: Tue, 2 Jun 1998 07:57:09 -0400

In the standard configuration of you, with a perimeter router, connected point to point with an ISP's router, there's no reason I can think of other than troubleshooting to allow ICMP packets to enter your perimeter.

Don
    -----Original Message-----
    From: Toddb <toddb () pacifier com>
    To: firewall-wizards () nfr net <firewall-wizards () nfr net>
    Date: Tuesday, June 02, 1998 2:21 AM
    Subject: ICMP Packets.
    
    
    To prohibit anyone from 'pinging' our router from the internet, I have disabled certain ICMP packets (namely echo reply) from exiting our external router interface. They are allowed in, but not out - which effectively disables someone from the outside pinging our router, but allows internal machines to ping the outside world. I have a couple of questions that someone may be able to answer.
     
    1) Is there any reason that echo reply would need to be allowed out in response to an external request? I know this is the case for other ICMP messages such as packet-too-big, but I am not sure why echo-reply would ever be needed.
     
    2) Is there a list of ICMP message types that are needed as opposed to ones that are just used for troubleshooting (like echo, echo-reply) that can be blocked without problems?
     
    Thanks,
     
    Todd
     
    toddb () pacifier com
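
The filter described in the original message, modelled as an added example that is not part of the thread: a stateless check on the external interface that drops only outbound echo-reply. The function names, the constructed sample packets, and the reading of "packet-too-big" as ICMP type 3 code 4 (fragmentation needed) are assumptions.

```python
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8
FRAG_NEEDED = 4  # code under type 3; assumed to be the post's "packet-too-big"

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message; `rest` is the 4 bytes after the checksum."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_icmp(msg: bytes) -> tuple:
    """Return (type, code), rejecting truncated or corrupted messages."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(msg) != 0:  # a valid message sums to zero with its checksum
        raise ValueError("bad ICMP checksum")
    return msg[0], msg[1]

def external_interface_filter(direction: str, msg: bytes) -> str:
    """Stateless rule from the post: drop echo-reply leaving the external interface."""
    icmp_type, _code = parse_icmp(msg)
    if direction == "out" and icmp_type == ECHO_REPLY:
        return "drop"
    return "permit"

def ping_succeeds(request_direction: str) -> bool:
    """A ping works only if the request and the returning reply both pass."""
    reply_direction = "in" if request_direction == "out" else "out"
    ident_seq = struct.pack("!HH", 0x1234, 1)  # constructed identifier/sequence
    request = build_icmp(ECHO_REQUEST, 0, ident_seq, b"constructed payload")
    reply = build_icmp(ECHO_REPLY, 0, ident_seq, b"constructed payload")
    return (external_interface_filter(request_direction, request) == "permit"
            and external_interface_filter(reply_direction, reply) == "permit")

if __name__ == "__main__":
    frag = build_icmp(DEST_UNREACH, FRAG_NEEDED, struct.pack("!HH", 0, 1500))
    print("outside pings in :", ping_succeeds("in"))    # reply dropped on the way out
    print("inside pings out :", ping_succeeds("out"))
    print("frag-needed out  :", external_interface_filter("out", frag))
```

Because the rule is stateless and keyed on type alone, it also drops echo replies from any internal host answering an external ping, while inbound echo-reply is permitted whether or not a request went out.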
