nanog mailing list archives
Re: Firewall stateful handling of ICMP packets
From: Henry Linneweh <hrlinneweh () sbcglobal net>
Date: Wed, 3 Dec 2003 16:25:14 -0800 (PST)
there are expert modes where you can apply the name source destination protocol time comments. rank state action track for more stabilized dedicated connections I am certain there are more depending on the vender -Henry Sean Donelan <sean () donelan com> wrote: You could drop ICMP packets at your firewall if the firewalls properly implemented stateful inspection of ICMP packets. The problem is few firewalls include ICMP responses in their statefull analysis. So you are left with two bad choices, permit "all" ICMP packets or deny "all" ICMP packets.
Current thread:
- Re: MTU path discovery and IPSec, (continued)
- Re: MTU path discovery and IPSec Steven M. Bellovin (Dec 03)
- Re: MTU path discovery and IPSec Owen DeLong (Dec 03)
- Re: MTU path discovery and IPSec Valdis . Kletnieks (Dec 03)
- Re: MTU path discovery and IPSec Owen DeLong (Dec 03)
- RE: MTU path discovery and IPSec cproctor (Dec 03)
- Re: MTU path discovery and IPSec David Sinn (Dec 03)
- Firewall stateful handling of ICMP packets Sean Donelan (Dec 03)
- Re: Firewall stateful handling of ICMP packets Owen DeLong (Dec 03)
- Re: Firewall stateful handling of ICMP packets Valdis . Kletnieks (Dec 03)
- Re: Firewall stateful handling of ICMP packets Owen DeLong (Dec 03)
- Re: MTU path discovery and IPSec David Sinn (Dec 03)
- Re: Firewall stateful handling of ICMP packets Henry Linneweh (Dec 03)
- Re: MTU path discovery and IPSec Steven M. Bellovin (Dec 03)
- Re: MTU path discovery and IPSec Tony Rall (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Valdis . Kletnieks (Dec 04)
- Re: MTU path discovery and IPSec Barney Wolff (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Valdis . Kletnieks (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Crist Clark (Dec 04)
- Re: MTU path discovery and IPSec Joe Maimon (Dec 04)
- Re: MTU path discovery and IPSec Laurence F. Sheldon, Jr. (Dec 04)