[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Ping of Death
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not all pings are bad pings. ICMP protocol can be used for a number of things. ICMP is just another IP Protocol, like TCP. Check out : http://www.isi.edu/in-notes/iana/assignments/icmp-parameters In order to prevent thwe rule base from growing longer than need be, Checkpoint have given you a property to allow ICMP, bvut this is dangerous in the extreme, without specifying that external hosts are denied ICMP protocol. - -----Original Message----- From: Reynolds, Tom [mailto:[email protected]] Sent: Friday, 13 October 2000 5:57 a.m. To: 'Tom Sevy'; 'Dan Hitchcock'; 'Scott Becker' Cc: FW-1 Mailing List (E-mail) Subject: RE: [FW1] Ping of Death If you know who the clients are, why use "any" when you could define their IPs as an object and only allow that object to ICMP? Thomas E. Reynolds Pilgrim Baxter and Associates Network Engineering PHONE:[email protected] - -----Original Message----- From: Tom Sevy [mailto:[email protected]] Sent: Thursday, October 12, 2000 12:29 PM To: 'Dan Hitchcock'; 'Scott Becker' Cc: FW-1 Mailing List (E-mail) Subject: RE: [FW1] Ping of Death Unfortunately we have clients that insist on being able to ping our hosts for status. - -----Original Message----- From: Dan Hitchcock [mailto:[email protected]] Sent: Thursday, October 12, 2000 11:51 AM To: 'Scott Becker' Cc: FW-1 Mailing List (E-mail) Subject: RE: [FW1] Ping of Death Why on earth would you want to allow PING from ANY? If you must do this, ping of death is one of the associated risks. The best you can do is make sure the OS on all ping-able boxes has all the latest security patches applied. Dan Hitchcock CCNA, MCSE Network Engineer Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders - -----Original Message----- From: Scott Becker [mailto:[email protected]] Sent: Wednesday, October 11, 2000 8:56 PM To: [email protected] Subject: [FW1] Ping of Death Hi, we'd like to allow ping from ANY however we want to avoid Ping of Death. Is there any way i can do this ? Thanks. ______________________________________________________________________ ___ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. ====================================================================== ====== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ====== ==== ====================================================================== ====== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ====== ==== ====================================================================== ====== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ====== ==== ====================================================================== ========== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOeV/IoAS1Tpq5ZYvEQLBwwCg0xSS2Vzmynah6W5APgynpI/9i6IAoJNL ZBFbly7wNm/O+xJA44oadwJr =1XMS -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|