ICMP Packets.uy

tqbf@pobox.com
Sat, 6 Jun 1998 03:29:25 -0500 (CDT)

>      Inbound Allow:
>      - echo (type 8/code 0)
>      - parameter-problem (12/[0|1])
>      - source-quench (4/0)
>      - ttl-exceeded (11/[0|1])
>      Deny all other inbound ICMP.

I don't understand this at all. You're allowing ECHO and, presumably,
outbound TTL-EXCEEDED messages, which are the most obvious avenues for
information gathering attacks, but not allowing arbitrary unreachable
messages (thus breaking path MTU). 

Additionally, why are you allowing parameter-problem messages? Are you 
allowing your filter to pass packets with IP options? Why?

Thomas H. Ptacek	  The Company Formerly Known As Secure Networks, Inc.
http://www.pobox.com/~tqbf	 "If you're so special, why aren't you dead?"
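To make the path-MTU objection above concrete, here is an added example (not code from the original post or its author) that parses the ICMP type/code out of a raw IPv4 packet and evaluates it against the quoted inbound allow-list, alongside a hypothetical revised list that admits the fragmentation-needed (3/4) message PMTUD depends on. The packets are constructed inline with zero checksums and RFC 5737 sample addresses.

```python
import struct

# ICMP type numbers referred to in the thread, plus destination-unreachable.
ECHO_REQUEST, DEST_UNREACH, SOURCE_QUENCH, TIME_EXCEEDED, PARAM_PROBLEM = 8, 3, 4, 11, 12
FRAG_NEEDED = 4  # destination-unreachable code carried by Path MTU discovery

# The inbound allow-list exactly as quoted in the thread: {type: allowed codes}.
QUOTED_POLICY = {ECHO_REQUEST: {0}, PARAM_PROBLEM: {0, 1},
                 SOURCE_QUENCH: {0}, TIME_EXCEEDED: {0, 1}}

# Hypothetical revision (assumption, not from the post): keep ttl-exceeded,
# admit fragmentation-needed so PMTUD works, drop echo and parameter-problem.
REVISED_POLICY = {DEST_UNREACH: {FRAG_NEEDED}, TIME_EXCEEDED: {0, 1}}


def parse_icmp(packet: bytes):
    """Return (type, code) of the ICMP header in a raw IPv4 packet, or None if not ICMP."""
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if packet[9] != 1 or len(packet) < ihl + 4:   # protocol 1 == ICMP
        return None
    icmp_type, icmp_code = struct.unpack("!BB", packet[ihl:ihl + 2])
    return icmp_type, icmp_code


def inbound_allowed(policy, packet: bytes) -> bool:
    """Apply an allow-list policy; anything unmatched is denied, as in the quoted rules."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return False
    icmp_type, icmp_code = parsed
    return icmp_code in policy.get(icmp_type, set())


def build_icmp(icmp_type: int, code: int) -> bytes:
    """Construct a minimal 28-byte IPv4+ICMP packet (sample data, checksums zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip_hdr + struct.pack("!BBHHH", icmp_type, code, 0, 0, 0)


def pmtud_survives(policy) -> bool:
    """True if the policy lets the fragmentation-needed message through."""
    return inbound_allowed(policy, build_icmp(DEST_UNREACH, FRAG_NEEDED))


if __name__ == "__main__":
    print("quoted policy keeps PMTUD working:", pmtud_survives(QUOTED_POLICY))
    print("revised policy keeps PMTUD working:", pmtud_survives(REVISED_POLICY))
```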