Date: Sun, 17 Jan 1999 16:56:19 -0500 (EST) From: Snob Art Genre <benedict@echonyc.com> To: "Daniel O'Callaghan" <danny@hilink.com.au> Cc: Justin Wolf <jjwolf@bleeding.com>, "N. N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: Small Servers - ICMP Redirect Message-ID: <Pine.GSO.4.05.9901171656001.15573-100000@echonyc.com> In-Reply-To: <Pine.BSF.3.96.990118085344.15297A-100000@enya.clari.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 18 Jan 1999, Daniel O'Callaghan wrote: > On Sun, 17 Jan 1999, Justin Wolf wrote: > > > >> 2) About ICMP redirect messages, as I learned they could be used to make > > >> our network disconnected and somthing. What's the way to prevent this > > >> kind of attack? Does blocking this kind of ICMP on firewall and routers > > >> cause any problem in connectivity and system behavior? > > > > > >I would block these messages from entering my network, absolutely. > > > > Keep in mind that flatly blocking all ICMP messages will prevent traces and > > pings both in and out of your network. It will also effect certain > > services... The best way to tailor this is to block everything and loosen > > it up as necessary to keep things from breaking. > > It will also block useful things like source-quench. ICMP exists for a > reason. Read the question again, people. Ben "You have your mind on computers, it seems." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.05.9901171656001.15573-100000>