Re: It seems every firewall is slagged as snake oil. So how should it be done?



In message <Uuvul.28396$cu.19613@xxxxxxxxxxxxxxxxxxxxxxxxxx> Lie Ryan
<lie.1296@xxxxxxxxx> was claimed to have wrote:

Ansgar -59cobalt- Wiechers wrote:
- A system that doesn't have any open ports, because it doesn't have any
services listening on the external interface, doesn't need a personal
firewall to protect the system from direct inbound attacks.

A system is always vulnerable to ICMP DOS unless the firewall is
instructed to ignore and ignore ICMP packets.

You do know that ICMP does a heck of a lot more then echo
request/responses, much of which you probably want, at least if you
enjoy reliable connectivity.
.



Relevant Pages

  • Re: Strange PPPoe problem
    ... The new service uses PPPoe - not a problem, or so I thought - I ... have PPPoe on my firewall. ... And if I do PPPoe on the provided D-Link router, ... like icmp 3/4 packets are being dropped somewhere. ...
    (Debian-User)
  • Re: network problems 7.0-p3: sendto: Operation not permitted
    ... This usually indicates firewall rules on the local machine, ... This indicates a high number of ICMP packets being received. ... 1 into my cable modem and nother into a linksys 16port vpn router. ... 01:47:12.196000 arp who-has 181.131.216.67.181.static.hargray.net tell ...
    (freebsd-stable)
  • Re: ICMP timestamp request is allowed from arbitrary hosts
    ... There is no registry entry that specifically blocks individual ICMP types on ... enable the Windows Firewall on the XP machines and configure the rules to do ... Point is Windows XP has the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Am I being hacked?
    ... > incoming TCP packets are 'Allowed' on those ports. ... The term "stealth" is misleading. ... The online services that claim to test your firewall can be misleading ... but block normal ICMP echo requests. ...
    (comp.security.firewalls)
  • iptables troubles
    ... I am trying to get a firewall running, but I am no networking expert. ... # ICMP Host-unreachable deny ... # We dont want ICMP Dead Errors ...
    (Debian-User)