Re: [FW1] Re: ICMP



Greetings!

Depending on what you want, just to disable Smurf attacks (and the associated Fraggle, which connects to the network address instead of the broadcast address as Smurf does), you need to block ICMP echo requests to the network base and network broadcast addresses.

So first define three "network" objects for the network you want to protect against Smurf but want to be able to PING. For
this LAN (or DMZ) network being 10.10.10.0/24 this most probably will be:
    Network_smurf   = (workstation)  10.10.10.255
    Network_fraggl  = (workstation)  10.10.10.0
    Network_net     = (network)      10.10.10.0    mask 255.255.255.0

Then add among the first rules a rule stating:
    Any --> Network_smurf / Network_fraggl --- ICMP echo-request -- DROP
    Any --> Network_net                    --- ICMP echo-request -- ACCEPT

You will want to disable the implicit rule as stated by Ken below.

Bye
    Volker

[email protected] wrote:

> Paul,
>
> 1)  Log into the GUI as an FW1 Administrator.
> 2)  Select the File Menu then Open
> 3)  Highlight the CORRECT "Available Security Policy" and click on Open.  I
> would suggest that you do a File Save-As and give the Security Policy a new name
> so that your regular administrator can check any changes you may make to the
> policy.
> 4)  Select the Policy Menu then Properties.
> 5)  On the "Security Policy" tab, deselect "Accept ICMP:" under the "Implied
> Rules" section
> 6)  On the "Access Lists" tab, deselect "Accept ICMP:"
> 7)  Click OK
> 8)  Select the Policy Menu then Verify
> 9)  Select the Policy Menu then Install
>
> If the "Accept ICMP:" options are already deselected then you will probably have
> some rules that have a service which has an icon with the word "icmp" on top of
> a graphic that looks like a spanner (or wrench depending on what part of the
> world you are from) and a service name something like "echo-request" or
> "echo-reply".
>
> If you are running FW1 Ver 4.0 or greater then you should be able to right-click
> the rule and select "Disable Rule".  If you are running FW1 Ver 3.x then you
> will have to delete the offending rules.
>
> Once you have done this then do items 8) & 9) from above.  This should propagate
> the rules out to your FW device and drop any ICMP packets from traversing it.
>
> I hope this helps.
>
> Regards,
>
> Ken...
>
> *************************************************************************************************************************
> Hello all,
>
> I am a newbie with this software and have been thrust into a situation that
> requires me to write a rule for my firewall denying all ICMP traffic. Our
> regular administrator is unreachable and we have no tech support. I need to
> lock this down to stop a "Smurf" attack on my network. If anyone might be
> kind enough to lend me a hand I would appreciate it. I'm sure it's easy for
> people who are well versed in the software, but I am looking at it for the
> first time today! I'm sure that rule may already be in place, but need to
> verify that. I figured out the basics on how to create the rule, but I'm not
> sure where the objects should be placed and what, if any, advanced features
> I need to invoke.
>
> Thanks,
>
> Paul
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

--

Volker Tanger  <[email protected]>
 Wrangelstr. 100, 10997 Berlin, Germany
    DiSCON GmbH - Internet Solutions
         http://www.discon.de/
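An added illustration, not from the post above or from Check Point: a first-match simulation in Python of the three objects and two rules Volker describes for 10.10.10.0/24, with constructed destination addresses, which also shows why the DROP rule must sit before the ACCEPT rule.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the FW-1 rulebase from the post: three objects
# (broadcast host, network-base host, the network itself) and two
# echo-request rules evaluated first-match, as a real rulebase is.
ICMP_ECHO_REQUEST = 8   # ICMP type for echo-request (ping)
ICMP_ECHO_REPLY = 0


@dataclass(frozen=True)
class Rule:
    name: str
    dst: frozenset      # destination objects: host addresses or networks
    icmp_type: int
    action: str         # "DROP" or "ACCEPT"


def build_objects(lan: str) -> dict:
    """Derive Network_smurf / Network_fraggl / Network_net from a CIDR."""
    net = ipaddress.ip_network(lan)
    return {
        "Network_smurf": net.broadcast_address,   # e.g. 10.10.10.255
        "Network_fraggl": net.network_address,    # e.g. 10.10.10.0
        "Network_net": net,                       # 10.10.10.0/24
    }


def build_rulebase(objs: dict) -> list:
    """The two rules from the post, in the order they must appear."""
    return [
        Rule("drop-directed-broadcast-ping",
             frozenset({objs["Network_smurf"], objs["Network_fraggl"]}),
             ICMP_ECHO_REQUEST, "DROP"),
        Rule("allow-ping-to-hosts",
             frozenset({objs["Network_net"]}),
             ICMP_ECHO_REQUEST, "ACCEPT"),
    ]


def _matches(obj, dst: ipaddress.IPv4Address) -> bool:
    if isinstance(obj, ipaddress.IPv4Network):
        return dst in obj          # network object: containment
    return dst == obj              # host object: exact match


def evaluate(rulebase: list, dst_ip: str, icmp_type: int) -> str:
    """Return the action of the first matching rule, or NO_MATCH."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rulebase:
        if rule.icmp_type == icmp_type and any(_matches(o, dst) for o in rule.dst):
            return rule.action
    return "NO_MATCH"   # falls through to later rules or the cleanup rule
```

Reversing the two rules lets the network-wide ACCEPT match the broadcast address first, so the DROP is never reached; that is the reason the post puts the DROP "among the first rules".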