Security Incidents mailing list archives

Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)


From: "Meritt James" <meritt_james () bah com>
Date: Wed, 05 Feb 2003 09:35:44 -0500

I thought it was very useful in finding out remote routes...  And we
will not even TALK about firewalking!

;-)

Jim

Christian Vogel wrote:

Hi Frederic,

Although I _could_ agree as far as firewalls are concerned, I don't
when it comes to routers.
Blocking/dropping any ICMP packet usually turns into a real nightmare
when you have to perform troubleshooting on a wide network.

Please don't spread the word that ICMP is only for troubleshooting
networks. ICMP has its uses besides "PING", the most important one
being "Path-MTU-Discovery" which will break when filtering all
ICMP packets! [1]

There is a really frightening number of clueless admins who misconfigure
their firewalls this way!


-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

