NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Ping of Death



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not all pings are bad pings. ICMP protocol can be used for a number
of things. ICMP is just another IP Protocol, like TCP. Check out :

http://www.isi.edu/in-notes/iana/assignments/icmp-parameters

In order to prevent thwe rule base from growing longer than need be,
Checkpoint have given you a property to allow ICMP, bvut this is
dangerous in the extreme, without specifying that external hosts are
denied ICMP protocol.


- -----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: Friday, 13 October 2000 5:57 a.m.
To: 'Tom Sevy'; 'Dan Hitchcock'; 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death



If you know who the clients are, why use "any" when you could define
their
IPs as an object and only allow that object to ICMP?

Thomas E. Reynolds
Pilgrim Baxter and Associates
Network Engineering
PHONE:[email protected]


- -----Original Message-----
From: Tom Sevy [mailto:[email protected]]
Sent: Thursday, October 12, 2000 12:29 PM
To: 'Dan Hitchcock'; 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death



Unfortunately we have clients that insist on being able to ping our
hosts
for status.

- -----Original Message-----
From: Dan Hitchcock [mailto:[email protected]]
Sent: Thursday, October 12, 2000 11:51 AM
To: 'Scott Becker'
Cc: FW-1 Mailing List (E-mail)
Subject: RE: [FW1] Ping of Death



Why on earth would you want to allow PING from ANY?  If you must do
this,
ping of death is one of the associated risks.  The best you can do is
make
sure the OS on all ping-able boxes has all the latest security
patches
applied.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders


- -----Original Message-----
From: Scott Becker [mailto:[email protected]]
Sent: Wednesday, October 11, 2000 8:56 PM
To: [email protected]
Subject: [FW1] Ping of Death



Hi, we'd like to allow ping from ANY however we want to avoid Ping of
Death.

Is there any way i can do this ?

Thanks.
______________________________________________________________________
___
Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.



======================================================================
======
====
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
======
====


======================================================================
======
====
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
======
====


======================================================================
======
====
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
======
====


======================================================================
==========
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
==========

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOeV/IoAS1Tpq5ZYvEQLBwwCg0xSS2Vzmynah6W5APgynpI/9i6IAoJNL
ZBFbly7wNm/O+xJA44oadwJr
=1XMS
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.