RE: [FW1] Blocking ICMP

["Jason Maley" <jmaley@FW1-NOSPAMcornerstones.com>]

I have to agree with Steve.  It would be easy enough to do an nmap scan and turn off a ping probe.  On the flip side, anytime you can trim down access to the firewall, you are at least somewhat raising the bar (keeping in mind that the benefits my not outweigh the consequences).

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Steven Schuster
Sent: Monday, June 11, 2001 9:00 AM
To: 'juanconcepcion@earthlink.net'; Tony Wong; fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Blocking ICMP

Juan,

I would have to disagree with that.  There are ways to run scans on machines that don't response to ping.  It makes the scan run longer, but it will look for any and all ports on all addresses within the range you set.

 

Steve Schuster
Midwest ISO
Security Analyst

-----Original Message-----
From: Juan Concepcion [mailto:juanconcepcion@earthlink.net]
Sent: Saturday, June 09, 2001 8:10 PM
To: Tony Wong; fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: RE: [FW1] Blocking ICMP

People can't attack what they can't see/detect.

 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: juanconcepcion@earthlink.net

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com [mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Tony Wong
Sent: Friday, June 08, 2001 11:55 AM
To: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: [FW1] Blocking ICMP

How does blocking ICMP make my firewall more secure?