[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Antwort: [FW1] OT - newbie question about PING
It seems that stateful inspection of ICMP is somewhat of a legend; everybody's heard about it, but nobody's actually seen it ... Cheers, Anders :) > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: 9. juli 2001 10:14 > To: Chontzopoulos, Dimitris; > [email protected] > Cc: [email protected] > Subject: RE: Antwort: [FW1] OT - newbie question about PING > > > > > Dimitris, > > I agree with your assessment, that icmp can be used for all > sorts of nasty > things. > > The solution I usually implement is this: Allow only certain > users/hosts to > use outbound ping and allow only the necessary icmp reply > packets back in. > There's a FAQ at www.phoneboy.com on how to set this up exactly. > > I think, since version 4.0 FW-1 is even able to do stateful > inspection for > imcp?! > > > Cheers > Ralf G. > > > > z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z > Ralf Guenthner, Senior IT Security Consultant > Zentric GmbH & Co. KG - IT Security & Groupware Solutions > Office Phone: +49-6101-556060 > Fax: +49-6101-556065 > mailto:[email protected] > http://www.zentric.com > +z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z > > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|