NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 2000-q2

Subject: [fw-wiz] ICMP blocking on PIX .4.4.1
From: majordomo (listsindifference.org)
Date: Fri Apr 28 2000 - 09:53:02 CDT

Next message: Anastasia Soudbinina: "Re: [fw-wiz] Napster Access"
Previous message: hans-erik.skyttbergboxer.se: "[fw-wiz] DNS in a NAT:ed DMZ ?"
In reply to: Jim Seymour: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Next in thread: Jeffery.Gieserminnesotamutual.com: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: majordomo: "[fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: Jim Seymour: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: dominik.ratajskicentrelink.gov.au: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: Jeff B Boles: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: David Ashwood: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
> Allowing ICMP (or any connection-less protocol, such as UDP) *through*
> the firewall is another issue entirely. Connection-less protocols are
> not safe. Cannot be made safe. Other than perhaps allowing syslog
> from the router to a syslog host, specifically, I don't see any
> particular reason to allow any UDP through a firewall.

Doesn't DNS use udp? As for the icmp issue, I agree with you.

K.J.

Next message: Anastasia Soudbinina: "Re: [fw-wiz] Napster Access"
Previous message: hans-erik.skyttbergboxer.se: "[fw-wiz] DNS in a NAT:ed DMZ ?"
In reply to: Jim Seymour: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Next in thread: Jeffery.Gieserminnesotamutual.com: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: majordomo: "[fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: Jim Seymour: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: dominik.ratajskicentrelink.gov.au: "Re: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: Jeff B Boles: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: David Ashwood: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Reply: GibsonBgruntal.com: "RE: [fw-wiz] ICMP blocking on PIX .4.4.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]