[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which ICMP packets to filter, which to allow to pass?

On 11 Dec 99, at 16:11, Ralf G. R. Bergs wrote:
> currently I'm allowing EVERYTHING but timestamp-requests. What else can I
> safely drop?
> Or the other way round: Which packets do I absolutely need? I then could drop
> everything else.

I would suggest you keep Pong(0), destination unreachable(3) ,
Source Quench(4), Time exceed(11) and Parameter problem(12).

Everything else deny and log. It is possible that you explicit must
deny icmp redirects from your gateway or you will go nuts when
analysing your logs :).

Best Regards Johan

Johan Hagström           Data Ingenjör / KTH
Direkt: 0498 - 202732    johan.hagstrom@intron.se
Växel:  0498 - 202700    Fax: 0498 - 214640
Intron Service AB        http://www.gotlandica.com

"Security is not a solution. It is a way of life."

Reply to: