Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] ICMP Stateful or NOT ?

To: [email protected]
Subject: Re: [FW1] ICMP Stateful or NOT ?
From: Jason Witty <[email protected]>
Date: Wed, 10 Jan 2001 11:06:52 -0600
Cc: "'Carl E. Mankinen'" <[email protected]>, [email protected]
References: <[email protected]>
Sender: [email protected]

Actually, I don't know if I believe that either.  Check Point told me
the same thing, but I don't know....  When you check the allow ICMP
option, your simply allowing "ANY ANY ICMP_Proto ALLOW", but I don't
think that really means it's stateful.  Just that it works.  And there's
really no way to prove it one way or the other with that option, since
external hosts would be allowed to ping things anyway.  Just my .02p.

Jason

Byoung Sun Yu wrote:
> 
> FW-1 4.0 or later keeps the state of ICMP IF and ONLY IF Accept ICMP option
> is checked in the Properties.
> 
> Sun Yu, CISSP
> Lucent Worldwide Services
> 
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]On
> > Behalf Of Carl
> > E. Mankinen
> > Sent: Wednesday, January 10, 2001 9:00 AM
> > To: [email protected]
> > Subject: [FW1] ICMP Stateful or NOT ?
> >
> >
> >
> > I seem to be reading quite a bit that even 4.X does not use
> > stateful inspection
> > for ICMP requests. Is this in fact the case, or has
> > CheckPoint corrected this
> > in the latest releases?
> >
> > For them to say that ICMP packets are harmless and thus do not require
> > stateful inspection is beyond belief (having my doubts they
> > actually said this...)
> > ICMP is a perfect method for tunneling control connections
> > for trojans, or
> > for sending obscured hashed data containing information you
> > wouldn't like exposed.
> >
> >
> >
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
> >
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] ICMP Stateful or NOT ?
  - From: "Byoung Sun Yu" <[email protected]>

Prev by Date: [FW1] Freeware/shareware scanner to do an analysis against my FW-1
Next by Date: RE: [FW1] Home/Office NAT range conflicts
Previous by thread: RE: [FW1] ICMP Stateful or NOT ?
Next by thread: Re: [FW1] ICMP Stateful or NOT ?
Index(es):
- Date
- Thread