Security Incidents mailing list archives
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip)
From: "Meritt James" <meritt_james () bah com>
Date: Wed, 05 Feb 2003 09:35:44 -0500
I thought it was very useful in finding out remote routes... And we will not even TALK about firewalking! ;-) Jim Christian Vogel wrote:
Hi Frederic,Although I _could_ agree as far as a firewalls are concerned, I don't when it comes to routers. Blocking/droping any ICMP packet usually turns into a real nightmare when you've to perform troubleshooting on a wide network.Please don't spread the word that ICMP only is for troubleshooting networks. ICMP has it's uses beside "PING", the most important one being "Path-MTU-Discovery" which will break when filtering all ICMP packets! [1] There is a really frightening number of clueless admins which misconfigure their firewalls this way!
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) David Gillett (Feb 02)
- <Possible follow-ups>
- RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Joel Tyson (Feb 03)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Valdis . Kletnieks (Feb 05)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Hugo van der Kooij (Feb 05)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Frederic Harster (Feb 05)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Christian Vogel (Feb 05)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Meritt James (Feb 05)
- RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) James Kelly (Feb 05)
- Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Frederic Harster (Feb 05)