Necessary ICMP traffic and the SANS/FBI top 20 Vulnerabilities

Mayne, Jim J.Mayne at
Mon Jun 16 14:25:47 GMT 2003

In the SANS/FBI top 20 vulnerabilities they suggest blocking incoming ICMP echo requests and outgoing replies as well as blocking outgoing destination unreachable (except for fragmentation needed) messages.

Given all the other ICMP messages available to intruders I am curious if a better approach would not be to allow only fragmentation needed (3-4) and source quench in/out of your network. It seems that any others should only be passing between nodes inside your network. 

Is this not true?


Jim Mayne
Sr. Network Engineer
Texas Christian University
j.mayne at
(817) 257-6843
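
The two border policies discussed in this message, modelled side by side as an added example (not part of the original post). It assumes the SANS/FBI recommendation, as summarized above, passes any ICMP message it does not name; the function names and sample packets are constructed for illustration.

```python
# Added example: compare a blocklist and an allowlist ICMP border policy.
FRAG_NEEDED = (3, 4)   # destination unreachable, code 4: fragmentation needed
SOURCE_QUENCH = 4      # ICMP type 4

def sans_policy(direction, icmp_type, code):
    """Blocklist as summarized in the post; unlisted messages pass (assumption)."""
    if direction == "in" and icmp_type == 8:        # incoming echo request
        return "drop"
    if direction == "out" and icmp_type == 0:       # outgoing echo reply
        return "drop"
    if direction == "out" and icmp_type == 3 and code != 4:
        return "drop"                               # outgoing unreachable, except 3/4
    return "accept"

def allowlist_policy(direction, icmp_type, code):
    """Proposal in the post: only 3/4 and source quench cross the border, in or out."""
    if (icmp_type, code) == FRAG_NEEDED or icmp_type == SOURCE_QUENCH:
        return "accept"
    return "drop"

# Constructed sample packets: (direction at the border, type, code, name)
SAMPLES = [
    ("in", 8, 0, "echo request"),
    ("out", 0, 0, "echo reply"),
    ("out", 3, 3, "port unreachable"),
    ("out", 3, 4, "fragmentation needed"),
    ("in", 3, 4, "fragmentation needed"),
    ("in", 4, 0, "source quench"),
    ("in", 0, 0, "echo reply"),
    ("in", 11, 0, "time exceeded"),
    ("in", 13, 0, "timestamp request"),
    ("in", 17, 0, "address mask request"),
    ("in", 5, 1, "redirect (host)"),
]

def compare(samples=SAMPLES):
    """Return (direction, type, code, name, blocklist verdict, allowlist verdict)."""
    return [(d, t, c, n, sans_policy(d, t, c), allowlist_policy(d, t, c))
            for d, t, c, n in samples]

def differing(samples=SAMPLES):
    """Packets on which the two policies disagree."""
    return [row for row in compare(samples) if row[4] != row[5]]

if __name__ == "__main__":
    for d, t, c, name, block, allow in compare():
        flag = "  <-- differs" if block != allow else ""
        print(f"{d:>3} type {t:>2} code {c}  {name:<22} {block:<6} {allow:<6}{flag}")
```

The rows that differ include inbound echo reply and time exceeded, which are the responses to ping and traceroute started from inside the network.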
