| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1098116568.2534.5.camel@anduril.intranet.cartel-securite.net> From: blancher at cartel-securite.fr (Cedric Blancher) Subject: ICMP (was: daily internet traffic report) Le lun 18/10/2004 ? 17:12, james edwards a ?crit : > > I don't see the reason why it would cause a problem, as firewall is able > > to spot ICMP related to server's IP connections as well... > New connections to the server must be implecitally allowed, as there > is no established state to refer to. I guess that if you want to run a server behind a firewall, then you have to allow some TCP or UDP connections to it... And you only have to deal ICMP stuff for thoses connections, as others are prohibited, and the firewall does this. I really don't see where the problem is. My point is just to show that we do have now solutions to filter ICMP in a smart way that won't break PMTU discovery and stuff that rely on ICMP messages reception... PS : I think we could end this offline, we're far away from original topic :) -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
Powered by blists - more mailing lists