Re: [fw-wiz] ICMP destination unreachable messages

From: Chunduru Rama Krishna Prasad (rkp@intotoinc.com)
Date: 04/17/03

  • Next message: Ben Nagy: "RE: [fw-wiz] commercial va"
    From: Chunduru Rama Krishna Prasad <rkp@intotoinc.com>
    To: Max Enders <Max.Enders@watchguard.com>
    Date: Thu, 17 Apr 2003 09:19:42 +0530
    

    Hi all,

           A. Find out the original connection session from ICMP error message.
           B. Do some checks, make sure the number of ICMP error messages is
                less than the packets sent out.
           C. Do rate limiting.
           Maintaining original IP identification numbers for matching with ICMP inner
           IP header IDs may be too much of processing and might require good storage.

    Max Enders wrote:

    >Hello,
    >
    >I'm curious to know how firewalls handle duplicate ICMP destination unreachable messages. How should replayed packets be denied? It seems like the two best options are rate limiting and inspecting the IPID. Any information is appreciated.
    >
    >Thanks,
    >Max Enders
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >
    >

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
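The three checks in the reply above (A: recover the original session from the quoted inner header, B: never accept more ICMP errors than packets were sent on that session, C: rate limit) as an added, self-contained Python example. This is not code from the thread or from any firewall product; the packet builders, the `IcmpErrorFilter` class, its session-table layout and the per-router token bucket are all my own assumptions, and the probe and error packets are constructed inline for the demonstration (checksums are left at zero).

```python
import ipaddress
import struct
from collections import defaultdict

IPPROTO_ICMP = 1
IPPROTO_UDP = 17
ICMP_DEST_UNREACH = 3


def ipv4_header(src, dst, proto, payload_len, ident=0):
    """Minimal 20-byte IPv4 header (constructed sample; checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def udp_header(sport, dport, payload_len):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def icmp_unreachable(router_ip, original_datagram, code=3):
    """ICMP type 3 from `router_ip` quoting the first 28 bytes of the original datagram
    (inner IP header + first 8 bytes of its payload, as RFC 792 requires)."""
    quoted = original_datagram[:28]
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    orig_src = str(ipaddress.IPv4Address(original_datagram[12:16]))
    return ipv4_header(router_ip, orig_src, IPPROTO_ICMP, len(icmp)) + icmp


def flow_of(datagram):
    """5-tuple (proto, src, sport, dst, dport) of an IPv4 datagram carrying UDP/TCP ports."""
    ihl = (datagram[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(datagram[12:16]))
    dst = str(ipaddress.IPv4Address(datagram[16:20]))
    sport, dport = struct.unpack("!HH", datagram[ihl:ihl + 4])
    return (datagram[9], src, sport, dst, dport)


def inner_flow_of_icmp_error(packet):
    """Step A: recover the original session's 5-tuple from a destination-unreachable
    message. Returns None if the packet is not ICMP type 3 or the quote is truncated."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP:
        return None
    icmp = packet[ihl:]
    if len(icmp) < 8 + 28 or icmp[0] != ICMP_DEST_UNREACH:
        return None
    return flow_of(icmp[8:])


class IcmpErrorFilter:
    """Hypothetical stateful filter: session match (A), error-count check (B), rate limit (C).
    IPID matching of the inner header is deliberately not done, as the reply suggests."""

    def __init__(self, max_errors_per_sec=5):
        self.sessions = {}  # outbound 5-tuple -> {"sent": n, "errors": n}
        self.max_per_sec = max_errors_per_sec
        # token bucket per reporting router: ip -> [tokens, last_timestamp]
        self.bucket = defaultdict(lambda: [max_errors_per_sec, 0.0])

    def record_outbound(self, datagram):
        entry = self.sessions.setdefault(flow_of(datagram), {"sent": 0, "errors": 0})
        entry["sent"] += 1

    def check_icmp_error(self, packet, now):
        flow = inner_flow_of_icmp_error(packet)
        if flow is None or flow not in self.sessions:
            return "DROP_NO_SESSION"          # A: no matching session
        entry = self.sessions[flow]
        if entry["errors"] >= entry["sent"]:
            return "DROP_EXCESS"              # B: more errors than packets sent
        router = str(ipaddress.IPv4Address(packet[12:16]))
        tokens, last = self.bucket[router]
        tokens = min(self.max_per_sec, tokens + (now - last) * self.max_per_sec)
        self.bucket[router] = [tokens, now]
        if tokens < 1:
            return "DROP_RATE_LIMIT"          # C: this router is sending too many errors
        self.bucket[router][0] = tokens - 1
        entry["errors"] += 1
        return "ACCEPT"


def build_probe():
    """Constructed sample: 10.0.0.5:40000 -> 192.0.2.10:53 over UDP with a 4-byte payload."""
    return (ipv4_header("10.0.0.5", "192.0.2.10", IPPROTO_UDP, 8 + 4, ident=100)
            + udp_header(40000, 53, 4) + b"abcd")


def demo():
    fw = IcmpErrorFilter(max_errors_per_sec=2)
    probe = build_probe()
    for _ in range(3):                # three probes leave the firewall
        fw.record_outbound(probe)
    err = icmp_unreachable("198.51.100.1", probe)
    results = [fw.check_icmp_error(err, now=0.0) for _ in range(3)]  # replay burst
    results += [fw.check_icmp_error(err, now=1.0) for _ in range(2)]  # after refill
    stray = icmp_unreachable("198.51.100.1", ipv4_header("10.0.0.5", "203.0.113.9",
                             IPPROTO_UDP, 8, ident=7) + udp_header(1111, 2222, 0))
    results.append(fw.check_icmp_error(stray, now=5.0))  # session never opened
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields `['ACCEPT', 'ACCEPT', 'DROP_RATE_LIMIT', 'ACCEPT', 'DROP_EXCESS', 'DROP_NO_SESSION']`: the first two copies are valid, the third trips the per-router rate limit, a refilled bucket lets the fourth through until the error count reaches the three packets actually sent, and an error for a flow the firewall never saw is dropped outright. The count in step B is what makes pure replay of a single captured error fail even when the rate limit is generous.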
