
Re: [FW1] ICMP Traffic Security Issues





Look for a program called "Loki", basically telnet over ICMP.  And I believe there was a Loki2 that encrypted the traffic...

-iden_fw

>From: CryptoTech
>Reply-To: [email protected]
>To: "Fontelera, Jaime C."
>CC: "'fw1mail '"
>Subject: Re: [FW1] ICMP Traffic Security Issues
>Date: Thu, 01 Mar 2001 06:30:44 -0500
>
>Jaime,
>In the current release, (and I believe in all previous releases of FireWall-1,) ICMP
>packets are inspected on an instance by instance basis. So simply having a rule in
>that says internal any icmp-proto accept will not allow responses to those
>same pings. My Check Point rep has informed me that a new release will allow for
>'intelligent/stateful' handling of ping requests as well.
>
>I am most likely not as up to date as some of the ISS or intrusion specialists here,
>but I have never heard of 'smuggling' over icmp, but icmp does give attackers a
>clear and easy way to see what devices you have to start probing for an attack.
>Also remember that CheckPoint is only allowing a subset of icmp packet types (I
>believe icmp type 8 (echo request) and type 0 (echo response.))
>
>Cheers,
>CryptoTech
>
>"Fontelera, Jaime C." wrote:
>
> > I'm currently blocking both incoming/outgoing ICMP packets from our network.
> > I have a net admin who wants pinging and traceroute packets enabled going
> > out. But I'm kind of hesitant at this point because of the security issues.
> >
> > I've read in a book somewhere that ICMP packets can be exploited by an
> > attacker to smuggle data through a site whose firewall ONLY allows outbound
> > echo request by sending echo responses even when they haven't seen a
> > request. It is a way for the attacker to maintain connections to a
> > compromised site.
> >
> > What's your opinion on this ?
> >
> > Thanks.
> > Jaime
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================


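The stateful handling of ping discussed in this thread, as an added example that is not part of the original messages and is not Check Point code: each inbound echo reply (type 0) is matched to a pending outbound echo request (type 8) by address pair, identifier and sequence number, and any reply without a matching request is flagged. The packet records, the `10.` inside prefix and the 5-second timeout are assumptions constructed for illustration.

```python
import struct
from collections import namedtuple

# Constructed sample record: capture time, IP endpoints, raw ICMP message bytes.
Pkt = namedtuple("Pkt", "ts src dst icmp")

ECHO_REPLY, ECHO_REQUEST = 0, 8

def icmp_echo(icmp_type, ident, seq, payload=b""):
    """Build an ICMP echo message (checksum left at 0; it is not validated here)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

def audit_echo(packets, inside_prefix="10.", timeout=5.0):
    """Return (packet, reason) for every echo reply a stateful filter would drop."""
    pending = {}   # (inside, outside, id, seq) -> (request time, request payload)
    findings = []
    for p in packets:
        if len(p.icmp) < 8:
            findings.append((p, "truncated ICMP header"))
            continue
        icmp_type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", p.icmp[:8])
        payload = p.icmp[8:]
        if icmp_type == ECHO_REQUEST and p.src.startswith(inside_prefix):
            pending[(p.src, p.dst, ident, seq)] = (p.ts, payload)
        elif icmp_type == ECHO_REPLY and p.dst.startswith(inside_prefix):
            # pop() so that a second reply to the same request is also flagged
            state = pending.pop((p.dst, p.src, ident, seq), None)
            if state is None:
                findings.append((p, "unsolicited echo reply"))
            elif p.ts - state[0] > timeout:
                findings.append((p, "reply after timeout"))
            elif payload != state[1]:
                findings.append((p, "payload differs from request"))
    return findings

# Constructed traffic: 10.0.0.5 is inside, 192.0.2.x addresses are outside.
SAMPLE = [
    Pkt(0.0, "10.0.0.5", "192.0.2.1", icmp_echo(8, 0x1234, 1, b"abcdefgh")),
    Pkt(0.1, "192.0.2.1", "10.0.0.5", icmp_echo(0, 0x1234, 1, b"abcdefgh")),
    Pkt(1.0, "192.0.2.9", "10.0.0.5", icmp_echo(0, 0x4242, 7, b"no request")),
    Pkt(2.0, "10.0.0.5", "192.0.2.1", icmp_echo(8, 0x1234, 2, b"abcdefgh")),
    Pkt(2.1, "192.0.2.1", "10.0.0.5", icmp_echo(0, 0x1234, 2, b"changed!")),
    Pkt(3.0, "192.0.2.1", "10.0.0.5", icmp_echo(0, 0x1234, 2, b"abcdefgh")),
]

if __name__ == "__main__":
    for pkt, reason in audit_echo(SAMPLE):
        print(f"{pkt.ts:5.1f} {pkt.src} -> {pkt.dst}: {reason}")
```

The payload comparison relies on RFC 792, which requires an echo reply to return the data received in the request; the contents of outbound requests themselves are not inspected here.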