RE: [FW1] Blocking ICMP

["Carl E. Mankinen" <bandit@FW1-NOSPAMzcore.net>]

If it's just a DDoS, they can flood a single address (in use or not) on your subnet and

have the affect of killing your entire subnet if you can't handle the traffic load.

 

There are other ways of scanning/finding hosts than just using ICMP.

 

1) you can just do a service connect scan.

 

2) you can dig into their DNS zone and see what you can find. Often people will use a

naming scheme which you can infer other hostnames from. etc. Sometimes they

might just return ALL records...

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Juan Concepcion
Sent: Saturday, June 09, 2001 9:10 PM
To: Tony Wong; fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Blocking ICMP

People can't attack what they can't see/detect.

 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: juanconcepcion@earthlink.net

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Tony Wong
Sent: Friday, June 08, 2001 11:55 AM
To: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: [FW1] Blocking ICMP

How does blocking ICMP make my firewall more secure?