lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: ICMP (was: daily internet traffic report)

On Sun, 2004-10-17 at 16:35 -0600, James Edwards wrote:
> 
> That is great till you want to run a server behind that firewall.
<snip>

If the server is behind the firewall the firewall will be aware of the
connection passing through and will therefore regard the packets as
legitimate.

I agree with you though blocking ICMP isn't much towards security
although as said before if we block everything and whitelist we are
closer to a secure system.
(The whitelist here being, RELATED connections)

-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041018/56af568a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ