ICMP ingress/egress filtering

From: Fernando Gont <fernando@xxxxxxxxxxx>
Date: Tue, 23 May 2006 05:24:16 -0300

Folks,

Some time ago I had written an explanation about filtering of ICMP error messages for some friend of mine. Given that there seems to be some confusion on the subject (that's the discussion I get from discussions in other forums), I have made the text publicly available.

You can find it at: http://www.gont.com.ar/papers/icmp-errors

The orginial paper on ICMP attacks (which includes a section on ICMP filtering) can be obtained at: http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

(The last revision was published in February 2006)

Kindest regards,

--
Fernando Gont
e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Prev by Date: RE: Reporting Tools
Next by Date: Re: Tons of Source port 80 to random Dest Port Traffic
Previous by thread: MS Audit logs
Next by thread: Split Tunneling
Index(es):
- Date
- Thread

Relevant Pages

Re: IPSEC firewall
... > The IPSec filters will only set filters regarding secure ... You can set the ICMP ... that uses rras filtering driver without actual rras service) ...
(microsoft.public.win2000.security)
Re: [Full-Disclosure] ICMP (was: daily internet traffic report)
... using a decent stateful firewall allows one to get rid of ICMP ... filtering by associating ICMP errors to existing connections. ... IP connections are recognized as such (i.e. RELATED state) and thus can ... I'm your friendly neighbourhood signature virus. ...
(Full-Disclosure)
Re: [Full-Disclosure] ICMP (was: daily internet traffic report)
... using a decent stateful firewall allows one to get rid of ICMP ... > filtering by associating ICMP errors to existing connections. ... > IP connections are recognized as such (i.e. RELATED state) and thus can ...
(Full-Disclosure)
Re: What am I seeing?
... A fraggle attack is not an ICMP based attack. ... you should be filtering all reserved and RFC 1918 networks ... hardening Cisco routers in general a good white paper is Bastion Routers ... ICMP Echo Reply packets) by configuring your routers to Do The Right ...
(Incidents)
Re: Filtering incoming IP Protocols doesnt work ?
... Tcp/Ip filtering has its uses but is not well understood. ... As Roger said consider ipsec filtering. ... system, can filer ICMP, and can also manage outbound traffic. ... --- Steve ...
(microsoft.public.win2000.security)