Re: Survive without ICMP?

From: Jens Hoffmann (jh_at_bofh.de)
Date: 05/20/04


Date: Thu, 20 May 2004 15:53:41 +0200

Hi,

Purl Gurl <purlgurl@purlgurl.net> wrote:
>> Port 0 and ICMP are not the same. really.
> From a security point of view, traditionally most
> icmp hack attempts are aimed at port 0 typically.

Once again: ICMP has no ports. There are types. You have ports with
TCP and UDP, not with ICMP.

> I not completely familiar with the mechanics of
> this and why attempts often appear on this port.

You are not familiar with the TCP/IP protocol family.
Read Tanenbaum, Stevens, Cheswick.

> My belief is port 0 is often used or was often
> used in the past to enable usage of telnet
> programs and custom socket programs by those
> looking to "map" a server via information
> returned by selected icmp packets.

What are you talking about?

> Completely shutting down icmp transactions,
> I not sure but what this could cause some
> handshake problems; ready, not ready states.

Read Stevens. Read Cheswick.

> To deny all icmp transactions would be a
> bit of overkill and may cause more problems
> than are resolved.

Definitely.

> Which method is best, closing port 0 or shutting
> down all icmp transactions, this is a system
> specific issue and user issue.

Closing port 0 will do nothing related to icmp.

> for internet transactions because of icmp use
> being a "primitive" level initial contact for
> verifying status states for transactions.

You really don't know what ICMP is, do you?

Greetings,
    Jens
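
Added example, not part of the original post: a small parser that shows which layer-4 fields a packet filter can actually match on, illustrating the point above that TCP and UDP carry ports while ICMP carries a type and code, so a "port 0" rule never touches ICMP. The packets are constructed samples (documentation addresses, checksums left at zero), and the function names are hypothetical.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_ipv4(proto, payload):
    """Wrap payload in a minimal 20-byte IPv4 header (constructed, checksum 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

def classify(packet):
    """Return the layer-4 fields a filter rule could match for this packet."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # protocol number field
    l4 = packet[ihl:]
    name = PROTO_NAMES.get(proto, str(proto))
    if proto in (6, 17):                   # TCP/UDP: source port, destination port
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"proto": name, "sport": sport, "dport": dport}
    if proto == 1:                         # ICMP: type, code (no port fields at all)
        icmp_type, code = struct.unpack("!BB", l4[:2])
        return {"proto": name, "type": icmp_type, "code": code}
    return {"proto": name}

def port_rule_matches(fields, port):
    """A 'block port N' rule applies only where a port field exists."""
    return port in (fields.get("sport"), fields.get("dport"))

# Constructed sample packets.
ECHO_REQUEST = build_ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))   # type 8, code 0
FRAG_NEEDED = build_ipv4(1, struct.pack("!BBHHH", 3, 4, 0, 0, 1400)) # type 3, code 4
UDP_PORT_ZERO = build_ipv4(17, struct.pack("!HHHH", 40000, 0, 8, 0)) # UDP to port 0

if __name__ == "__main__":
    for label, pkt in [("echo request", ECHO_REQUEST),
                       ("frag needed", FRAG_NEEDED),
                       ("udp to port 0", UDP_PORT_ZERO)]:
        fields = classify(pkt)
        print(label, fields, "port-0 rule matches:", port_rule_matches(fields, 0))
```
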