Re: ICMP (Ping)

• Previous message: Ansgar Wiechers: "Re: ICMP (Ping)"
• In reply to: Paul Kurczaba: "ICMP (Ping)"
• Next in thread: Jay Woody: "RE: ICMP (Ping)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 04 Sep 2003 14:56:42 +0200
To: Security Basics <security-basics@securityfocus.com>

ICMP ECHO (or PING) is a common type of packet sent through the net to
verify if a remote host is available and the medium lags to reach it.
Its data is formed by a sequence of letter (abcdef...) according to the
numer of bytes. As you can see the payload doesn't include malicious
code. Anyway it is possible to perform an attack. The most known
techniques are Ping of death (packet size is greater than 64Kb) and Ping
flooding (an enormous mass of packet sent in a small period of time).
If your users need to use ping to verify your server is online, then set
a specific firewall rule like the following to filter all packets except
your users'ones.

iptables -P INPUT DROP
iptables -A INPUT -p ICMP --icmp-type ping -s trust.host -d
your.firewall -j ACCEPT
iptables -A INPUT -p ICMP -j DROP

Luca

Paul Kurczaba wrote:
> Are there any security issues for allowing a firewall/router to respond to
> Ping from the internet?
>
> -Paul Kurczaba

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

• Previous message: Ansgar Wiechers: "Re: ICMP (Ping)"
• In reply to: Paul Kurczaba: "ICMP (Ping)"
• Next in thread: Jay Woody: "RE: ICMP (Ping)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]