Firewall Wizards mailing list archives
RE: how to block ICMP tunneling?
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 21 Jul 1999 23:59:18 -0400
Here is bit regarding our ping daemon...
First, let me _thank_ you for such a technically informative posting on this topic. The other vendors should do as well. :)
It does not send the original client data payload in the echo request if the firewall is not the target of the ping - pingd will construct a new echo request in this case with a new sequence number, new TTL (yes this affects traceroute), and new optional data (with new checksum) so that people can't "tunnel" other protocols ontop of ICMP echo.
_cooL!_
ICCMP echos are also subject to firewall rules. If there is no rule to allow ping, then all such packets get dropped. If we expect the ping to come from a tunnel and it does not, we drop it. If the ping came over a tunnel and interface is not configured to force tunnel traffic up to the proxies, then the ping packets are sent unmodified. Of course, the firewall driver makes all of its usual checks (spoofing, IP headers, etc) for ping packets like any other packet it processes. I hope that this clears things up with respect to the Raptor Firewall and ICMP!
Totally. I wish your competitors were as forthcoming with hard facts. :) I know that the firewalls I built in the distant past didn't do anything near as nice with ICMP. :) mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: how to block ICMP tunneling?, (continued)
- Re: how to block ICMP tunneling? Chris Brenton (Jul 20)
- Re: how to block ICMP tunneling? carson (Jul 21)
- Re: how to block ICMP tunneling? Geva Patz (Jul 20)
- Re: how to block ICMP tunneling? Chris Brenton (Jul 20)
- RE: how to block ICMP tunneling? Marcus J. Ranum (Jul 19)
- Re: how to block ICMP tunneling? Steven M. Bellovin (Jul 20)
- RE: how to block ICMP tunneling? Ben Nagy (Jul 20)
- Re: how to block ICMP tunneling? Ryan Russell (Jul 21)
- Re: how to block ICMP tunneling? Dru (Jul 26)
- RE: how to block ICMP tunneling? Jason Diesel (Jul 21)
- Re: how to block ICMP tunneling? Adam Shostack (Jul 23)
- RE: how to block ICMP tunneling? Marcus J. Ranum (Jul 23)
- Re: how to block ICMP tunneling? Sean Costello (Jul 29)
- Re: how to block ICMP tunneling? Sean Costello (Jul 29)
- Fw: how to block ICMP tunneling? Sean Costello (Jul 30)