Firewall Wizards mailing list archives

Re: ICMP destination unreachable messages

From: Chunduru Rama Krishna Prasad <rkp () intotoinc com>
Date: Thu, 17 Apr 2003 09:19:42 +0530

Hi all,

      A. Find out the original connection session from ICMP error message.
      B. Do some checks, make sure the number of ICMP error messages are
           less than the packets sent out.
      C. Do rate limiting.
      Maintaing original IP identification numbers for matching with ICMP inner
      ip header IDs may be too much of processing and might require good storage.



Max Enders wrote:

Hello,

I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets 
be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.

Thanks,
Max Enders
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

ICMP destination unreachable messages Max Enders (Apr 15)
- Re: ICMP destination unreachable messages Steven M. Bellovin (Apr 16)
- Re: ICMP destination unreachable messages Chunduru Rama Krishna Prasad (Apr 17)
- <Possible follow-ups>
- RE: ICMP destination unreachable messages Max Enders (Apr 16)