Re: ICMP Ping and Group Policy Update

From: Paul Robichaux (paul_at_ROBICHAUX.NET)
Date: 10/01/03

    Date:         Wed, 1 Oct 2003 10:13:21 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Block ICMP packets with length 92 and you're golden. Blocking all ICMP
    causes other problems, as you note; it's equivalent to blocking all, say,
    TCP traffic in that it improves your security while degrading your
    functionality.

    > From: Information Security <InformationSecurity@FEDERATEDINV.COM>
    > Reply-To: Windows NTBugtraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    > Date: Tue, 30 Sep 2003 11:00:54 -0400
    > To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    > Subject: ICMP Ping and Group Policy Update
    >
    > In response to Nachi, we blocked ICMP Pings to & from our VPN. However,
    > it appears that this also has disabled group policy updates for remote
    > VPN users. We ran network traces and saw the ICMP packets, I think
    > they're part of the negotiation phase where the server tries to
    > determine if the client is on a slow link.
    >
    > I suspect a lot of networks cranked down on ICMP after Nachi. Can
    > anyone else confirm this behavior? Does anyone have a workaround or
    > configuration setting to override/bypass this feature?
    >
    > Thanks!
    >
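
Added example, not part of the original message: a length-based classifier for the rule described in the reply above. It assumes "length 92" means an IPv4 total length of 92 bytes (20-byte IP header, 8-byte ICMP header, 64 data bytes); the function names and sample packets are constructed for illustration.

```python
import struct

ICMP_PROTO = 1
TCP_PROTO = 6
BLOCKED_TOTAL_LEN = 92  # assumption: IPv4 total length, 20 IP + 8 ICMP + 64 data


def build_ip(proto, body):
    """Build a constructed IPv4 packet (no options, checksum left at zero)."""
    total = 20 + len(body)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 128, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + body


def build_echo(payload_len, fill=b"\xaa"):
    """Build a constructed ICMP echo request carrying payload_len data bytes."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + fill * payload_len
    return build_ip(ICMP_PROTO, icmp)


def verdict(packet):
    """Return 'drop' for ICMP packets with IPv4 total length 92, else 'pass'."""
    if len(packet) < 20:
        return "pass"  # too short to parse; leave it to other rules
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != ICMP_PROTO:
        return "pass"  # the rule applies to IPv4 ICMP only
    return "drop" if total_len == BLOCKED_TOTAL_LEN else "pass"


if __name__ == "__main__":
    samples = {
        "echo, 64 data bytes (total 92)": build_echo(64),
        "echo, 32 data bytes (total 60)": build_echo(32),
        "echo, 1024 data bytes": build_echo(1024),
        "TCP, total 92": build_ip(TCP_PROTO, b"\x00" * 72),
    }
    for name, pkt in samples.items():
        print(f"{name:32s} -> {verdict(pkt)}")
```

The match is on length alone, so any ICMP packet of that size is dropped whatever its payload, while ICMP of other sizes still passes.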
