Necessary ICMP traffic and the SANS/FBI top 20 Vulnerabilities

Mayne, Jim J.Mayne at tcu.edu
Mon Jun 16 14:25:47 GMT 2003


In the SANS/FBI top 20 vulnerabilities they suggest blocking incoming ICMP echo requests and outgoing replies as well as blocking outgoing destination unreachable (except for fragmentation needed) messages.

Given all the other ICMP messages available to intruders I am curious if a better approach would not be to allow only fragmentation needed (3-4) and source quench in/out of your network. It seems that any others should only be passing between nodes inside your network. 

Is this not true?

Thanks,

Jim Mayne
Sr. Network Engineer
Texas Christian University
j.mayne at tcu.edu
(817) 257-6843
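
The two filtering approaches described in the message above, compared side by side in an added example that is not part of the original post: the function names and sample messages are constructed for illustration, and the ICMP type and code numbers are those of RFC 792.

```python
import struct

# ICMP type numbers (RFC 792); all names here are illustrative, not from the post.
ECHO_REPLY, UNREACH, QUENCH, REDIRECT, ECHO_REQ, TIME_EXC, TSTAMP = 0, 3, 4, 5, 8, 11, 13
FRAG_NEEDED = 4  # code 4 under type 3, the "3-4" in the message

def checksum(data):
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type, code, body=b"\x00" * 4):
    """Construct a sample ICMP message (test data, not captured traffic)."""
    raw = struct.pack("!BBH", icmp_type, code, 0) + body
    return raw[:2] + struct.pack("!H", checksum(raw)) + raw[4:]

def parse(msg):
    """Return (type, code); reject truncated or corrupted messages."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("malformed ICMP message")
    return msg[0], msg[1]

def blocklist_allows(direction, t, c):
    """Block only the messages named in the first paragraph; pass the rest."""
    if (direction, t) in (("in", ECHO_REQ), ("out", ECHO_REPLY)):
        return False
    return not (direction == "out" and t == UNREACH and c != FRAG_NEEDED)

def allowlist_allows(direction, t, c):
    """Pass only fragmentation needed (3-4) and source quench, in or out."""
    return (t == UNREACH and c == FRAG_NEEDED) or t == QUENCH

def compare(samples):
    """Per sample: (direction, type, code, blocklist verdict, allowlist verdict)."""
    parsed = [(d,) + parse(m) for d, m in samples]
    return [(d, t, c, blocklist_allows(d, t, c), allowlist_allows(d, t, c)) for d, t, c in parsed]

SAMPLES = [("in", build(ECHO_REQ, 0)), ("out", build(ECHO_REPLY, 0)),  # constructed
           ("out", build(UNREACH, 3)), ("in", build(UNREACH, FRAG_NEEDED)),
           ("in", build(QUENCH, 0)), ("out", build(ECHO_REQ, 0)),
           ("in", build(ECHO_REPLY, 0)), ("in", build(TIME_EXC, 0)),
           ("in", build(REDIRECT, 1)), ("in", build(TSTAMP, 0))]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-3s type=%-2d code=%d  blocklist=%-5s allowlist=%s" % row)
```

The rows where the two verdicts differ are the messages the allowlist additionally drops at the border, which include outbound echo requests and the inbound echo replies and time exceeded messages that answer them.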


