Necessary ICMP traffic and the SANS/FBI top 20 Vulnerabilities
J.Mayne at tcu.edu
Mon Jun 16 14:25:47 GMT 2003
In the SANS/FBI top 20 vulnerabilities they suggest blocking incoming ICMP echo requests and outgoing replies as well as blocking outgoing destination unreachable (except for fragmentation needed) messages.
Given all the other ICMP messages available to intruders I am curious if a better approach would not be to allow only fragmentation needed (3-4) and source quench in/out of your network. It seems that any others should only be passing between nodes inside your network.
Is this not true?
Sr. Network Engineer
Texas Christian University
j.mayne at tcu.edu
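The two border policies contrasted in the message above, as an added example that is not part of the original post: a stateless check of ICMP type/code against the SANS/FBI block-list and against the proposed allow-list. The function names, sample packets and addresses are constructed for illustration.

```python
import struct

ECHO_REPLY, DEST_UNREACH, SOURCE_QUENCH, ECHO_REQUEST = 0, 3, 4, 8
FRAG_NEEDED = 4  # code 4 of type 3, the "3-4" in the post

def icmp_type_code(packet: bytes):
    """Return (type, code) from a raw IPv4 packet, or None if no ICMP header is visible."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 1 or frag_offset or len(packet) < ihl + 2:
        return None                                   # not ICMP, or a later fragment
    return packet[ihl], packet[ihl + 1]

def sans_blocklist(direction, icmp_type, code):
    """Block-list as described in the post: everything else passes."""
    if direction == "in" and icmp_type == ECHO_REQUEST:
        return False
    if direction == "out" and icmp_type == ECHO_REPLY:
        return False
    if direction == "out" and icmp_type == DEST_UNREACH and code != FRAG_NEEDED:
        return False
    return True

def proposed_allowlist(direction, icmp_type, code):
    """Allow-list proposed in the post: only 3/4 and source quench, in or out."""
    return (icmp_type, code) == (DEST_UNREACH, FRAG_NEEDED) or icmp_type == SOURCE_QUENCH

def build_packet(icmp_type, code):
    """Constructed sample: 20-byte IPv4 header plus 8-byte ICMP header, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + struct.pack("!BBHI", icmp_type, code, 0, 0)

def policy_differences(direction):
    """(type, code) pairs on which the two policies disagree for one direction."""
    samples = [(8, 0), (0, 0), (3, 4), (3, 1), (4, 0), (5, 1), (11, 0), (13, 0)]
    diff = []
    for t, c in samples:
        parsed = icmp_type_code(build_packet(t, c))
        if sans_blocklist(direction, *parsed) != proposed_allowlist(direction, *parsed):
            diff.append(parsed)
    return diff

if __name__ == "__main__":
    for d in ("in", "out"):
        print(d, policy_differences(d))
```

Inbound, the policies differ on echo reply (0), host unreachable (3/1), redirect (5), time exceeded (11) and timestamp request (13). Under a stateless filter the allow-list drops all five, so replies to pings and traceroutes started inside the network would not return.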