Re: [OT] Filtrar paquetes ICMP

To: <debian-user-spanish@lists.debian.org>
Subject: Re: [OT] Filtrar paquetes ICMP
From: "Alfonso" <alfonso_listas@yahoo.es>
Date: Fri, 28 Sep 2001 12:29:21 +0200
Message-id: <000001c14847$dd24aa10$0100a8c0@nuevo>
References: <000e01c146bd$f605e7f0$0100a8c0@nuevo> <20010926231453.C19008@genus.cyberchat2000.com>

Hola, parece una buena opción, espero más opiniones...

Por un sitio:
[RFC1700]

0Echo Reply[RFC792]
1Unassigned[JBP]
2Unassigned[JBP]
3Destination Unreachable[RFC792]
4Source Quench[RFC792]
5Redirect[RFC792]
6Alternate Host Address[JBP]
7Unassigned[JBP]
8Echo[RFC792]
9Router Advertisement[RFC1256]
10Router Selection[RFC1256]
11Time Exceeded[RFC792]
12Parameter Problem[RFC792]
13Timestamp[RFC792]
14Timestamp Reply[RFC792]
15Information Request[RFC792]
16Information Reply[RFC792]
17Address Mask Request[RFC950]
18Address Mask Reply[RFC950]
19Reserved (for Security)[Solo]
20-29Reserved (for Robustness Experiment)[ZSu]
30Traceroute[RFC1393]
31Datagram Conversion Error[RFC1475]
32Mobile Host Redirect[David Johnson]
33IPv6 Where-Are-You[Bill Simpson]
34IPv6 I-Am-Here[Bill Simpson]
35Mobile Registration Request[Bill Simpson]
36Mobile Registration Reply[Bill Simpson]
37Domain Name Request[Simpson]
38Domain Name Reply[Simpson]
39SKIP[Markson]
40Photuris[Simpson]
41-255Reserved[JBP]


Por otro:

# ipchains -h icmp
ipchains 1.3.9, 17-Mar-1999

Valid ICMP Types:
echo-reply (pong)
destination-unreachable
   network-unreachable
   host-unreachable
   protocol-unreachable
   port-unreachable
   fragmentation-needed
   source-route-failed
   network-unknown
   host-unknown
   network-prohibited
   host-prohibited
   TOS-network-unreachable
   TOS-host-unreachable
   communication-prohibited
   host-precedence-violation
   precedence-cutoff
source-quench
redirect
   network-redirect
   host-redirect
   TOS-network-redirect
   TOS-host-redirect
echo-request (ping)
router-advertisement
router-solicitation
time-exceeded (ttl-exceeded)
   ttl-zero-during-transit
   ttl-zero-during-reassembly
parameter-problem
   ip-header-bad
   required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply

----- Original Message -----
From: "Hue-Bond" <hue@cyberchat2000.com>
To: <debian-user-spanish@lists.debian.org>
Sent: Wednesday, September 26, 2001 11:14 PM
Subject: Re: [OT] Filtrar paquetes ICMP


Alfonso, miércoles 26 de septiembre de 2001 a la(s) 21:03:41 +0200:
>
>En un firewall, qué paquetes ICMP se deberían dejar pasar y cuales no? ¿hay
>algún riesgo si se dejan pasar los "echo request" para que la gente sepa si
>está viva la máquina?
En input tengo todos bloqueados excepto los de tipos 0, 3, 11,
14, 16 y 18. Sobre el tipo 5 tengo dudas. En output permito todo.
Más info en el RFC 792 :^).

--
David Serrano <cyberchat2000.com@hue> - Linux Registered User #87069



_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Reply to:

References:
- [OT] Filtrar paquetes ICMP
  - From: "Alfonso" <alfonso_listas@yahoo.es>
- Re: [OT] Filtrar paquetes ICMP
  - From: Hue-Bond <hue@cyberchat2000.com>

Prev by Date: Re: Arranque de instalación en peazo-maquina
Next by Date: Re: Roto ? (el que?)
Previous by thread: Re: [OT] Filtrar paquetes ICMP
Next by thread: Actualizando a woody.
Index(es):
- Date
- Thread