From: Steve Vawter (svawterzonelabs.com)
Date: Mon May 20 2002 - 13:38:08 CDT


    Block traceroute but not ping? This leaves you open to:

    1) ICMP echo reply packets with covert data in them waking up zombies that
    may be living on your network for use in a DDoS against someone
    2) Using your network as an ICMP amplifier or attacking your network with
    ICMP from someone's network being used as an amplifier.
    3) Other misc. covert data being sent inside ICMP echo requests and/or
    replies...

    Steve Vawter
    UNIX SYSTEM ADMINISTRATOR
    Zone Labs, Inc.
    1060 Howard Street
    San Francisco CA 94103
    ph 415-341-8323
    fax 415-341-8299
    cell 510-409-9184
    pager 877-933-0549

    -----Original Message-----
    From: Jens Benecke [mailto:mail-020519jensbenecke.de]
    Sent: Sunday, May 19, 2002 3:40 PM
    To: Ceyhun KIRMIZITAS
    Cc: focus-mssecurityfocus.com
    Subject: Re: About ping request?

    On Fri, May 17, 2002 at 09:37:38PM +0300, Ceyhun KIRMIZITAS wrote:

    > Hello, my question is about ping requests. I want to block ping requests
    > if they come from outside and I want to be able to ping other hosts. In
    > other words, I want to block all ping requests one way only. How can I
    > do that? I have already tried to do something with IPSec, TCP/IP
    > filters etc. If there is anyone who knows how to do this, please
    > tell me the way.

    Hello,

    IMHO: blocking ping requests is a common beginner's mistake, or rather,
    useless action. If you block ping requests you will make diagnosing your
    network harder and some services will run slower.

    On the other hand, if you want to block ping requests "for security
    reasons", ask yourself: if your systems cannot withstand a simple ICMP
    echo request packet, you have a MUCH bigger problem than ping.

    Don't block ping. Blocking some other types of ICMP packets (e.g.
    traceroutes) may be sensible, but not ping. It just doesn't make sense.

    -- 
    mfg, Jens Benecke  /// www.hitchhikers.de, www.linuxfaq.de, www.linux.ms
    This mail is an attachment? Read http://www.jensbenecke.de/misc/outlook.html
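
The one-way ping policy asked about in the original question, combined with the unsolicited-reply and covert-data concerns in points 1 and 3 of the reply, can be modelled as a small stateful filter. This is an added example, not code from any poster in the thread; the 10.0.0.0/8 inside network, the `Icmp` record, the `filter_icmp` name and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST = 0, 8                 # ICMP type numbers (RFC 792)
INSIDE = ipaddress.ip_network("10.0.0.0/8")     # assumption: the protected network

@dataclass(frozen=True)
class Icmp:                                     # hypothetical parsed-packet record
    ts: float
    src: str
    dst: str
    type: int
    ident: int
    seq: int
    payload: bytes

def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def filter_icmp(packets, timeout=5.0):
    """Return one verdict string per packet for a one-way ping policy."""
    pending = {}   # (requester, target, ident, seq) -> (ts, payload)
    out = []
    for p in packets:
        if p.type == ECHO_REQUEST:
            if inside(p.src):                   # our hosts may ping anyone
                pending[(p.src, p.dst, p.ident, p.seq)] = (p.ts, p.payload)
                out.append("allow: echo request from inside")
            else:
                out.append("drop: echo request from outside")
        elif p.type == ECHO_REPLY:
            sent = pending.pop((p.dst, p.src, p.ident, p.seq), None)
            if sent is None:                    # nobody asked for this reply
                out.append("drop: unsolicited echo reply")
            elif p.ts - sent[0] > timeout:
                out.append("drop: reply after timeout")
            elif p.payload != sent[1]:          # RFC 792: reply echoes request data
                out.append("drop: reply data differs from request")
            else:
                out.append("allow: matched echo reply")
        else:
            out.append("pass: not an echo message")
    return out

# Constructed sample traffic; outside hosts use documentation address ranges.
SAMPLE = [
    Icmp(0.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 1, 1, b"abcdefgh"),
    Icmp(0.02, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 1, 1, b"abcdefgh"),
    Icmp(1.00, "198.51.100.7", "10.0.0.5", ECHO_REQUEST, 9, 1, b"abcdefgh"),
    Icmp(2.00, "198.51.100.7", "10.0.0.9", ECHO_REPLY, 7, 0, b"constructed"),
    Icmp(3.00, "10.0.0.5", "192.0.2.10", ECHO_REQUEST, 1, 2, b"abcdefgh"),
    Icmp(3.03, "192.0.2.10", "10.0.0.5", ECHO_REPLY, 1, 2, b"XXXXXXXX"),
]
```

A filter that only matches on ICMP type would pass the fourth and sixth sample packets; tracking the outstanding request is what separates them from a legitimate reply.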