Subject: Re: deny incoming icmp
From: Richard Martin (dmartinorigen.com)
Date: Thu Aug 17 2000 - 08:23:10 CDT


Correct me if I am wrong, but wouldn't a single rule be faster?

   /sbin/ipfw add pass icmp from ${oip} to any icmptypes 0,3,4,8,11,12 # outward
   /sbin/ipfw add pass icmp from any to ${oip} icmptypes 0,3,4,11,12 # inward

( icmp type 4 is source quench)
and you may not want to log every ping, but you do want to know what isn't getting in:

    /sbin/ipfw add deny log icmp from any to any

>
> Try with those:
>
> ${fwcmd} add allow log icmp from any to $ip via $eth out
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 0   # Echo Reply
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 3   # Destination Unreachable
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 8   # Echo
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 11  # Time Exceeded
> ${fwcmd} add allow log icmp from any to $ip via $eth in icmptypes 12  # Parameter Problem
>
> See also http://www.sys-security.com/archive/papers/ICMP_Scanning.pdf.
>
> Bye,
> Manf
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Richard Martin       dmartinorigen.com

OriGen, inc.
2525 Hartford Rd.
Austin, TX 78703
Tel: +1 512 474 7278
Fax: +1 512 708 8522
http://www.origen.com

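As an added illustration (not part of either message above), the script below does the "know what isn't getting in" part of the thread: it reads the syslog lines that the final "deny log icmp from any to any" rule produces and tallies the denied ICMP types by source, so a pass/deny split like the one discussed can be checked against what actually hits the deny rule. The log lines are constructed samples in the kernel's "ipfw: <rule> <action> ICMP:<type>.<code> <src> <dst> <dir> via <iface>" format; the function names and the short type names are mine, not ipfw's.

```shell
#!/bin/sh
# Added example, not from the original post: summarize what the trailing
# "deny log icmp from any to any" rule is dropping.

# Constructed sample of ipfw log lines (what /var/log/security would hold).
SAMPLE_LOG='ipfw: 300 Deny ICMP:8.0 192.0.2.10 203.0.113.5 in via fxp0
ipfw: 300 Deny ICMP:8.0 192.0.2.10 203.0.113.5 in via fxp0
ipfw: 300 Deny ICMP:8.0 192.0.2.10 203.0.113.5 in via fxp0
ipfw: 300 Deny ICMP:13.0 192.0.2.77 203.0.113.5 in via fxp0
ipfw: 300 Deny ICMP:13.0 192.0.2.77 203.0.113.5 in via fxp0
ipfw: 200 Accept ICMP:3.3 198.51.100.9 203.0.113.5 in via fxp0
ipfw: 300 Deny ICMP:17.0 192.0.2.77 203.0.113.5 in via fxp0
ipfw: 300 Deny TCP 192.0.2.77:4444 203.0.113.5:23 in via fxp0'

# icmp_name TYPE: short name for the types discussed in the thread
# (names are my own labels, not ipfw output).
icmp_name() {
    case "$1" in
        0)  echo "echo-reply" ;;
        3)  echo "dest-unreach" ;;
        4)  echo "source-quench" ;;
        8)  echo "echo-request" ;;
        11) echo "time-exceeded" ;;
        12) echo "param-problem" ;;
        13) echo "timestamp-request" ;;
        17) echo "addrmask-request" ;;
        *)  echo "type-$1" ;;
    esac
}

# denied_icmp_summary: read ipfw log lines on stdin, keep only ICMP that was
# denied, and print "<count> <type-name> from <src>", most frequent first.
# Accepted packets and non-ICMP protocols are skipped.
denied_icmp_summary() {
    while read -r tag rule action proto src dst rest; do
        [ "$tag" = "ipfw:" ] || continue
        [ "$action" = "Deny" ] || continue
        case "$proto" in ICMP:*) ;; *) continue ;; esac
        type=${proto#ICMP:}     # "8.0" -> "8.0"
        type=${type%%.*}        # drop the code, keep the type number
        printf '%s from %s\n' "$(icmp_name "$type")" "$src"
    done | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Stand-alone run: summarize the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | denied_icmp_summary
```

Run it against the real file with `denied_icmp_summary < /var/log/security`; a source that only shows up as echo-request is probably just a ping, while timestamp or address-mask requests from the same host are the kind of ICMP probing the linked paper describes.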