From owner-freebsd-security  Sun Jan 17 11:59:34 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA21117
          for freebsd-security-outgoing; Sun, 17 Jan 1999 11:59:34 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from echonyc.com (echonyc.com [198.67.15.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA21111
          for <freebsd-security@FreeBSD.ORG>; Sun, 17 Jan 1999 11:59:33 -0800 (PST)
          (envelope-from benedict@echonyc.com)
Received: from localhost by echonyc.com (8.9.1/8.9.1) with ESMTP id OAA05652;
	Sun, 17 Jan 1999 14:59:26 -0500 (EST)
Date: Sun, 17 Jan 1999 14:59:26 -0500 (EST)
From: Snob Art Genre <benedict@echonyc.com>
Reply-To: ben@rosengart.com
To: "N. N.M" <madrapour@hotmail.com>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Small Servers - ICMP Redirect
In-Reply-To: <19990117094320.20052.qmail@hotmail.com>
Message-ID: <Pine.GSO.4.05.9901171458140.22702-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 17 Jan 1999, N. N.M wrote:

> 1) Might it be any problem in connectivity and services, if I block all 
> traffic to (TCP/UDP) Small servers like echo, chargen, .... on firewall?

Not a problem, go ahead.
 
> 2) About ICMP redirect messages, as I learned they could be used to make 
> our network disconnected and somthing. What's the way to prevent this 
> kind of attack? Does blocking this kind of ICMP on firewall and routers 
> cause any problem in connectivity and system behavior?

I would block these messages from entering my network, absolutely.


 Ben

"You have your mind on computers, it seems." 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message