Re: Survive without ICMP?
From: Jens Hoffmann (jh_at_bofh.de)
Date: Thu, 20 May 2004 15:53:41 +0200
Purl Gurl <firstname.lastname@example.org> wrote:
>> Port 0 and ICMP are not the same. really.
> From a security point of view, traditionally most
> icmp hack attempts are aimed at port 0 typically.
Once again: ICMP has no ports. There are types. You have ports with
TCP and UDP, not with ICMP.
> I am not completely familiar with the mechanics of
> this and why attempts often appear on this port.
You are not familiar with the TCP/IP protocol family.
Read Tanenbaum, Stevens, Cheswick.
> My belief is port 0 is often used or was often
> used in the past to enable usage of telnet
> programs and custom socket programs by those
> looking to "map" a server via information
> returned by selected icmp packets.
What are you talking about?
> Completely shutting down icmp transactions,
> I am not sure but what this could cause some
> handshake problems; ready, not ready states.
Read Stevens. Read Cheswick.
> To deny all icmp transactions would be a
> bit of overkill and may cause more problems
> than are resolved.
> Which method is best, closing port 0 or shutting
> down all icmp transactions, this is a system
> specific issue and user issue.
Closing port 0 will do nothing related to icmp.
> for internet transactions because of icmp use
> being a "primitive" level initial contact for
> verifying status states for transactions.
You really don't know what ICMP is, do you?
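
The distinction drawn in the reply above (ICMP carries a type and a code, TCP and UDP carry ports), shown as an added example that is not part of the original post. The packets are constructed samples with checksums left at zero, and the function names `describe` and `ipv4` are made up for this illustration.

```python
import struct

# Names for a few ICMP types from RFC 792 (not an exhaustive list).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def describe(packet: bytes) -> dict:
    """Parse an IPv4 packet and return the fields its next header actually has."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                       # 1 = ICMP, 6 = TCP, 17 = UDP
    payload = packet[ihl:]
    if len(payload) < 4:
        raise ValueError("truncated next header")
    if proto == 1:
        # ICMP header: type (1 byte), code (1 byte), checksum (2 bytes).
        # There is no port field anywhere in it.
        icmp_type, code, _checksum = struct.unpack("!BBH", payload[:4])
        return {"proto": "icmp", "type": icmp_type, "code": code,
                "name": ICMP_TYPES.get(icmp_type, "other")}
    if proto in (6, 17):
        # TCP and UDP both start with source port, destination port.
        sport, dport = struct.unpack("!HH", payload[:4])
        return {"proto": "tcp" if proto == 6 else "udp",
                "sport": sport, "dport": dport}
    return {"proto": proto}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap a constructed payload in a minimal 20-byte IPv4 header (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed sample packets (documentation addresses, zero checksums).
ECHO_REQUEST = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1))  # type 8, code 0
PORT_UNREACH = ipv4(1, struct.pack("!BBHI", 3, 3, 0, 0))           # type 3, code 3
UDP_DNS = ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0))          # UDP to port 53

if __name__ == "__main__":
    for pkt in (ECHO_REQUEST, PORT_UNREACH, UDP_DNS):
        print(describe(pkt))
```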