Re: FW-1 gateway sends ICMP packets
From: lolofe (lolofe@email.com)Date: 05/30/02
- Next message: Bob Fryer: "Re: Smoothwall 0.9.9 and Zyxel 642R ADSL PortForwad?"
- Previous message: : "Re: How to select the firewall"
- In reply to: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Next in thread: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Reply: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: lolofe@email.com (lolofe) Date: 30 May 2002 06:30:18 -0700
eirik@mi.uib.no (Eirik Seim) wrote in message news:<slrnafasbd.5nl.eirik@kain.mi.uib.no>...
> > So my question is : how can I prevent the firewall gateway from
> > sending such an ICMP packet to the originating host ? Is it related to
> > point 1-) ?
>
> Yes, it does sound like its related. I understand perfectly why you
> dont want to _pass_ all ICMP traffic, but why dont you want your
> firewall to send time-exceeded? Any real reason, or does it simply
> seem to be a Good Thing?
In its current configuration, the firewall can't be pinged.
It will also stop traceroutes to the destination, so it can't be
detected this way.
And its open ports are not visible from the Internet.
So, the firewall gateway is nearly "invisible" from the internet, but
these 'ICMP TTL exceeded' packets permit to detect its presence (and
its IP address).
- Next message: Bob Fryer: "Re: Smoothwall 0.9.9 and Zyxel 642R ADSL PortForwad?"
- Previous message: : "Re: How to select the firewall"
- In reply to: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Next in thread: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Reply: Eirik Seim: "Re: FW-1 gateway sends ICMP packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
