From owner-freebsd-questions Tue Dec 11 6:19: 3 2001 Delivered-To: freebsd-questions@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id 30D5837B416 for ; Tue, 11 Dec 2001 06:18:53 -0800 (PST) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id fBBEHnP95050; Tue, 11 Dec 2001 11:17:54 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Tue, 11 Dec 2001 11:17:49 -0300 (ART) From: Fernando Gleiser To: krzysztof Cc: Subject: Re: IPF Firewall Question In-Reply-To: <20011211140850.14764.qmail@web14801.mail.yahoo.com> Message-ID: <20011211111314.R93662-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 11 Dec 2001, krzysztof wrote: > Hello, > > Are there any security concerns about passing in > icmp traffic to my network? I do not use NAT so > people at best will be able to map out live machines > on my network. Is this correct, or should I be > concerned about possible attacks through ICMP? The > only ICMP traffic I pass in is icmp-type 0,8, & 11. If you let icmp echo to your broadcast address. your network can act as a "smurf amplifier". See http://www.cert.org/advisories/CA-1998-01.html for details. Fer > Any pointers are greatly appreciated. > > Thank You > Chris > > > __________________________________________________ > Do You Yahoo!? > Check out Yahoo! Shopping and Yahoo! Auctions for all of > your unique holiday gifts! Buy at http://shopping.yahoo.com > or bid at http://auctions.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message