Firewall Wizards mailing list archives
ICMP blocking on PIX .4.4.1
From: majordomo <lists () indifference org>
Date: Fri, 28 Apr 2000 07:53:02 -0700
> Allowing ICMP (or any connection-less protocol, such as UDP) *through* the firewall is another issue entirely. Connection-less protocols are not safe. Cannot be made safe. Other than perhaps allowing syslog from the router to a syslog host, specifically, I don't see any particular reason to allow any UDP through a firewall.

Doesn't DNS use UDP? As for the ICMP issue, I agree with you.

K.J.