Re: [FW1] ICMP Stateful or NOT ?
On Wed, 10 Jan 2001, Carl E. Mankinen wrote:

> I seem to be reading quite a bit that even 4.X does not use stateful inspection
> for ICMP requests. Is this in fact the case, or has CheckPoint corrected this
> in the latest releases?
>
> For them to say that ICMP packets are harmless and thus do not require
> stateful inspection is beyond belief (having my doubts they actually said this...)
> ICMP is a perfect method for tunneling control connections for trojans, or
> for sending obscured hashed data containing information you wouldn't like exposed.

To the best of my knowledge, no. I have not been able to identify any ICMP state table in the kernel memory. I have identified 4 tables within memory that potentially track ICMP. However, after testing these 4 tables, they do not appear to do any stateful tracking of ICMP. I would greatly appreciate anyone who could provide more information.

The four tables in question:

firewall #fw tab -s | grep -i icmp
localhost icmp_connections 50 0
localhost icmp_requests 51 4
localhost icmp_replies 52 4
localhost icmp_errors 53 5

thanks!

lance
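What stateful handling of ICMP means in practice, as an added example that is not part of the original post and is not Check Point's implementation: an inbound echo reply is accepted only if it matches an outstanding outbound echo request, and an ICMP error only if the datagram it quotes is one the table is tracking. The class and function names, the 30-second timeout and the policy itself are assumptions made for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, ICMP_PROTO = 0, 8, 1
ERROR_TYPES = {3, 11}   # destination unreachable, time exceeded
TIMEOUT = 30.0          # assumed lifetime of a request entry, in seconds

def echo(icmp_type, ident, seq, payload=b""):
    """Build a constructed ICMP echo message (checksum left 0; not validated here)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

class IcmpStateTable:
    """Hypothetical tracker for illustration only."""
    def __init__(self):
        self.pending = {}   # (inside_ip, outside_ip, ident, seq) -> expiry time

    def note_outbound(self, src, dst, icmp, now):
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        if icmp_type == ECHO_REQUEST:
            self.pending[(src, dst, ident, seq)] = now + TIMEOUT

    def _live(self, key, now, consume):
        expiry = self.pending.get(key)
        if expiry is None:
            return False
        if consume or now > expiry:
            del self.pending[key]
        return now <= expiry

    def check_inbound(self, src, dst, icmp, now):
        if len(icmp) < 8:
            return "drop"
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        if icmp_type == ECHO_REPLY:
            # One reply per request: the entry is consumed on a match.
            return "accept" if self._live((dst, src, ident, seq), now, True) else "drop"
        if icmp_type in ERROR_TYPES:
            # Error body = original IP header + first 8 bytes of the original datagram.
            inner = icmp[8:]
            ihl = (inner[0] & 0x0F) * 4 if len(inner) >= 20 else 0
            if ihl < 20 or len(inner) < ihl + 8 or inner[9] != ICMP_PROTO:
                return "drop"
            o_src = ".".join(map(str, inner[12:16]))
            o_dst = ".".join(map(str, inner[16:20]))
            o_type, _, _, o_id, o_seq = struct.unpack("!BBHHH", inner[ihl:ihl + 8])
            ok = (o_type == ECHO_REQUEST and o_src == dst
                  and self._live((o_src, o_dst, o_id, o_seq), now, False))
            return "accept" if ok else "drop"
        return "drop"   # unsolicited requests and every other type
```

Matching on identifier and sequence number only decides which replies are admitted; it does not inspect the echo payload, so it does not by itself address data carried inside a matching request and reply pair.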