[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Ping of Death
I stand (or sit :) corrected! Thanks for the info, Steve. In fact, it appears that Long ICMP gets dropped automatically in v3.0 or later - I should've known that one. The service Steve mentions, however, is useful for logging ping-of-death attempts. On another note, another list member mentioned that some clients insist on having access. This improves the situation somewhat, as you can at least restrict ICMP to certain sites. The danger of free-flow ICMP is not limited to PoD - Loki ICMP Trojan is a good reason to lock down ICMP as much as possible. Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders -----Original Message----- From: steve [mailto:[email protected]] Sent: Thursday, October 12, 2000 9:16 AM To: Dan Hitchcock Cc: 'Scott Becker'; FW-1 Mailing List (E-mail) Subject: Re: [FW1] Ping of Death dude its a total piece of cake, check out the link http://support.checkpoint.com/service/publisher.asp?id=55.0.206 if that dont work its the public config doc's section on checkpoint site. just create a new service, other, define it as for match put: icmp, (ip_off&0x2000) use what name you want, and then create a rule, any any whatever name, drop. Dan Hitchcock wrote: > Why on earth would you want to allow PING from ANY? If you must do this, > ping of death is one of the associated risks. The best you can do is make > sure the OS on all ping-able boxes has all the latest security patches > applied. > > Dan Hitchcock > CCNA, MCSE > Network Engineer > Xylo, Inc. (formerly employeesavings.com) >> The work/life solution for corporate thought leaders > > -----Original Message----- > From: Scott Becker [mailto:[email protected]] > Sent: Wednesday, October 11, 2000 8:56 PM > To: [email protected] > Subject: [FW1] Ping of Death > > Hi, we'd like to allow ping from ANY however we want to avoid Ping of Death. > > Is there any way i can do this ? > > Thanks. > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > Share information about yourself, create your own public profile at > http://profiles.msn.com. > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|