NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Blocking ICMP

Carl,
 
    I must be losing you somewhere.  Please explain to me how someone would be able to flood any address on your internal network if you are using illegal ip addresses.  From my experiences when we, sitting on the outside network, even try to hit and RFC address a router somewhere along the way sends back a reply message stating that the network is unreachable.  If you're running a network with all routable IP's that can be reached from the outside world then I can understand your point, but if that is the case is this not the reason why you put a firewall between yourself and the outside world.  A properly configured firewall, while not able to provide 100% protection but used in conjunction with the assistance of one or another intrusion detection device, should be able to provide against such attacks.  With these two in place a service connect scan would give you open ports the firewall is listening for on behalf of the internal machines, and once again I say a properly configured FW can help prevent from people being able to exploit these.  
 
   A security policy will only give you ample protection from the people you've kept in mind while configuring it, but of course this is something that we all, as the security minded professionals that we are, always keep in mind, right.
 
Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]
-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Carl E. Mankinen
Sent: Monday, June 11, 2001 8:40 AM
To: [email protected]; [email protected]
Subject: RE: [FW1] Blocking ICMP

If it's just a DDoS, they can flood a single address (in use or not) on your subnet and
have the affect of killing your entire subnet if you can't handle the traffic load.
 
There are other ways of scanning/finding hosts than just using ICMP.
 
1) you can just do a service connect scan.
 
2) you can dig into their DNS zone and see what you can find. Often people will use a
naming scheme which you can infer other hostnames from. etc. Sometimes they
might just return ALL records...
-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Juan Concepcion
Sent: Saturday, June 09, 2001 9:10 PM
To: Tony Wong; [email protected]
Subject: RE: [FW1] Blocking ICMP

People can't attack what they can't see/detect.
 

Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of Tony Wong
Sent: Friday, June 08, 2001 11:55 AM
To: [email protected]
Subject: [FW1] Blocking ICMP

How does blocking ICMP make my firewall more secure?


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.