Firewall Wizards mailing list archives
Re: ICMP destination unreachable messages
From: Chunduru Rama Krishna Prasad <rkp () intotoinc com>
Date: Thu, 17 Apr 2003 09:19:42 +0530
Hi all,

A. Find out the original connection session from ICMP error message.
B. Do some checks, make sure the number of ICMP error messages is less than the packets sent out.
C. Do rate limiting.

Maintaining original IP identification numbers for matching with ICMP inner IP header IDs may be too much of processing and might require good storage.

Max Enders wrote:
Hello,

I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.

Thanks,
Max Enders

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
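The three checks listed in the reply (A, B, C), sketched as an added example that is not part of the original thread or any firewall's own code. The `Session` fields, function names and token-bucket parameters are hypothetical, step B is read here as "at most one accepted error per packet sent", and only IPv4 TCP/UDP flows are handled.

```python
import socket
import struct

class Session:
    """Per-flow state a stateful firewall would already keep (fields are hypothetical)."""
    def __init__(self, rate=1.0, burst=2):
        self.sent = 0            # packets sent out on this flow
        self.errors = 0          # ICMP errors accepted against it
        self.rate, self.burst = rate, burst      # token bucket: tokens/sec, depth
        self.tokens, self.last = float(burst), 0.0

def flow_from_icmp_error(icmp):
    """Step A: recover the flow key from the IP header + 8 bytes quoted in the error."""
    if len(icmp) < 28 or icmp[0] != 3:           # type 3 = destination unreachable
        return None
    inner = icmp[8:]                             # skip the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    proto = inner[9]
    if proto not in (6, 17):                     # ports only exist for TCP/UDP
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, inner[12:16], sport, inner[16:20], dport)

def check_icmp_error(sessions, icmp, now):
    """Apply steps A, B and C in order; return 'accept' or a drop reason."""
    s = sessions.get(flow_from_icmp_error(icmp))
    if s is None:
        return "drop: no matching session"
    if s.errors >= s.sent:                       # step B, read as one error per packet
        return "drop: more errors than packets sent"
    s.tokens = min(s.burst, s.tokens + (now - s.last) * s.rate)   # step C
    s.last = now
    if s.tokens < 1:
        return "drop: rate limited"
    s.tokens -= 1
    s.errors += 1
    return "accept"

def sample_unreachable(src, sport, dst, dport, proto=17):
    """Constructed sample: ICMP type 3 code 3 quoting a 20-byte IP header + 8 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + struct.pack("!HHHH", sport, dport, 8, 0)
```

A replayed error passes step A every time, so it is steps B and C that bound how many copies reach the host, without storing per-packet IP IDs.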