Re: Survive without ICMP?

From: Jens Hoffmann (jh_at_bofh.de)
Date: 05/20/04


Date: Thu, 20 May 2004 15:53:41 +0200

Hi,

Purl Gurl <purlgurl@purlgurl.net> wrote:
>> Port 0 and ICMP are not the same. really.
> From a security point of view, traditionally most
> icmp hack attempts are aimed at port 0 typically.

Once again: ICMP has no ports. There are types. You have ports with
TCP and UDP, not with ICMP.

> I not completely familiar with the mechanics of
> this and why attempts often appear on this port.

You are not familiar with the TCP/IP protocol family.
Read Tanenbaum, Stevens, Cheswick.

> My belief is port 0 is often used or was often
> used in the past to enable usage of telnet
> programs and custom socket programs by those
> looking to "map" a server via information
> returned by selected icmp packets.

What are you talking about?

> Completely shutting down icmp transactions,
> I not sure but what this could cause some
> handshake problems; ready, not ready states.

Read Stevens. Read Cheswick.

> To deny all icmp transactions would be a
> bit of overkill and may cause more problems
> than are resolved.

Definitely.

> Which method is best, closing port 0 or shutting
> down all icmp transactions, this is a system
> specific issue and user issue.

Closing port 0 will do nothing related to icmp.

> for internet transactions because of icmp use
> being a "primitive" level initial contact for
> verifying status states for transactions.

You really don't know what ICMP is, do you?

Greetings,
    Jens
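
The distinction argued in the message above, shown as an added example that is not part of the original post: a small parser that reads the demultiplexing fields of IPv4 packets, where ICMP carries a type and code and only TCP and UDP carry ports. The sample packets, the addresses, and the helper names `ipv4`, `describe` and `port_rule_matches` are constructed for illustration.

```python
import struct

def ipv4(proto, payload):
    """Build a minimal IPv4 packet (constructed sample; checksums left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

# Constructed samples, not captured traffic.
ECHO_REQUEST = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))    # ICMP type 8, code 0
PORT_UNREACH = ipv4(1, struct.pack("!BBHI", 3, 3, 0, 0))        # ICMP type 3, code 3
UDP_TO_PORT0 = ipv4(17, struct.pack("!HHHH", 40000, 0, 8, 0))   # UDP, destination port 0

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}

def describe(packet):
    """Return the fields a filter can match on above the IP layer."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    body = packet[ihl:]
    if ihl < 20 or len(body) < 4:
        raise ValueError("truncated or malformed header")
    proto = packet[9]                     # IP protocol number
    if proto == 1:
        # ICMP header starts with type (1 byte) and code (1 byte): no ports.
        return {"proto": "icmp", "type": body[0], "code": body[1],
                "name": ICMP_TYPES.get(body[0], "other")}
    if proto in (6, 17):
        # TCP and UDP both start with source port and destination port.
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": "tcp" if proto == 6 else "udp",
                "sport": sport, "dport": dport}
    return {"proto": proto}

def port_rule_matches(packet, port):
    """Would a filter rule keyed on destination port `port` match this packet?"""
    return describe(packet).get("dport") == port

if __name__ == "__main__":
    for pkt in (ECHO_REQUEST, PORT_UNREACH, UDP_TO_PORT0):
        print(describe(pkt), "matches port-0 rule:", port_rule_matches(pkt, 0))
```

A rule on port 0 matches only the UDP sample; the two ICMP packets have to be filtered by type and code.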


