Re: how to disable ICMP: "Echo Request" (ping)
From: Greg Metcalfe (metcalfegregdelete_at_qwest.net)
Date: Sat, 23 Jul 2005 15:03:36 -0700
Moe Trin wrote:
> In the Usenet newsgroup comp.os.linux.security, in article
> <Hk1Ee.102$CS2.email@example.com>, Greg Metcalfe wrote:
>>What you're trying to avoid is called a Path MTU Discovery Black Hole. You
>>can find out quite a bit about it with a quick google. I know there was a
>>good paper on it from a Usenix LISA conference a couple or three years
> 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.
> (Format: TXT=47936 bytes) (Obsoletes RFC1063) (Status: DRAFT
> 1435 IESG Advice from Experience with Path MTU Discovery. S. Knowles.
> March 1993. (Format: TXT=2708 bytes) (Status: INFORMATIONAL)
> 2923 TCP Problems with Path MTU Discovery. K. Lahey. September 2000.
> (Format: TXT=30976 bytes) (Status: INFORMATIONAL)
>>Basically, you should be allow ICMP type 3 code 4. These packets are safe.
> You may want to look at the Bugtraq mailing list for the past couple of
> days. There is "a discussion" of a denial of service attack relating to
> this. If you don't want to subscribe, grab a list of news groups from
> your news server and look for the word bugtraq - there are several groups
> that mirror the lists, such as mailing.unix.bugtraq or muc.lists.bugtraq.
>>Pretty much nothing else in ICMP is.
> I don't know if I'd go quite that far.
> Old guy
Thanks for the bugtraq references. I haven't been by there in a few days. A
couple of ICMP references from SANS (first two are the ones I was thinking
of a couple of days ago):
Descriptions of many ICMP attacks, by type:code
Another good reference to ICMP to Bad Things that can be done via ICMP. I
would argue that some of the items here can useful, though. The old
argument of any tool may be used for god or ill.