Snort mailing list archives
Re: Cyberkit signature
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 22 Aug 2003 18:40:28 +0000
On Fri, 2003-08-22 at 17:04, Erek Adams wrote:
Blocking ICMP is bad, M'kay? </Mr.MackeyVoice> You break MTU-Path discovery and a couple of other things. You can if you want, but it can wreak havoc on Solaris boxes if you're not careful. Consider blocking the ICMP echo request of only the size that the worm uses. It's something odd like 91 bytes I think...
You can block most ICMP types. For MTU path discovery, I believe you have to leave open (inbound) type 3 and type 11 codes. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Cyberkit signature djmurd (Aug 22)
- Re: Cyberkit signature Erek Adams (Aug 22)
- Re: Cyberkit signature Frank Knobbe (Aug 22)
- RE: Cyberkit signature Eric Hines (Sep 02)
- RE: Cyberkit signature Eric Hines (Sep 02)
- Re: Cyberkit signature Paul Schmehl (Aug 22)
- RE: Cyberkit signature Eric Greenberg (Aug 22)
- Re: Cyberkit signature Patrick Dolan (Aug 23)
- <Possible follow-ups>
- RE: Cyberkit signature Tony Bunce (Aug 22)
- RE: Cyberkit signature Schmehl, Paul L (Aug 22)
- RE: Cyberkit signature Paul Schmehl (Aug 22)
- RE: Cyberkit signature Tony Bunce (Aug 22)
- Re: Cyberkit signature Andrew . Patrick (Aug 25)
(Thread continues...)
- Re: Cyberkit signature Erek Adams (Aug 22)