Re: Port 8 Echo Request - Should I allow on my Firewall?

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/17/03


Date: Fri, 17 Oct 2003 16:02:04 -0400

Inbound ICMP should always be blocked. Actually, *all* unneeded ports should
always be blocked.

Wayne wrote:
> Hi
>
> My checkpoint firewall is constantly blocking requests on
> port 8 Echo Request. The sources of these echo requests
> are numerous. However, I notice several of the source IPs
> occur in my log more than once.
>
> From what I've read, port 8 Echo Request is part of the
> ICMP protocol, which is part of IP. It can be used for
> good and bad purposes. It is good in such a way that a
> network admin can detect the Operating System of an unknown
> new node on the network. It is bad in such a way that a
> hacker can create a "map" of my network to prepare his DOS
> attack.
>
> I don't manually use ICMP to discover new nodes on my
> network.
>
> So, should I block incoming connections on port 8 Echo
> Request?
>
> Thanks
>
> Wayne
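
Added example, not part of the original thread: Echo Request is ICMP message type 8 (RFC 792), and an ICMP header carries a type and code rather than port numbers. The sketch below parses raw IPv4/ICMP packets and lists sources that sent repeated echo requests, as in the log described above; the sample packets, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8   # ICMP message types (RFC 792)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src: str, dst: str, ident: int, seq: int) -> bytes:
    """Construct a sample IPv4 + ICMP echo request (test data only)."""
    body = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + b"constructed"
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    # IP header checksum is left at 0; this sketch does not verify it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + body

def parse_icmp(packet: bytes):
    """Return (source, icmp_type, icmp_code, checksum_ok), or None if not ICMP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    # IP protocol number 1 = ICMP; the ICMP header itself is 8 bytes.
    if ihl < 20 or packet[9] != 1 or not ihl + 8 <= total <= len(packet):
        return None
    icmp = packet[ihl:total]
    return (str(IPv4Address(packet[12:16])), icmp[0], icmp[1], inet_checksum(icmp) == 0)

def repeat_echo_sources(packets, threshold=2):
    """Sources that sent at least `threshold` well-formed echo requests."""
    hits = Counter()
    for pkt in packets:
        parsed = parse_icmp(pkt)
        if parsed and parsed[1] == ICMP_ECHO_REQUEST and parsed[3]:
            hits[parsed[0]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

# Constructed sample traffic (documentation address ranges, RFC 5737).
SAMPLE = [build_echo_request("198.51.100.7", "192.0.2.1", 1, s) for s in range(3)]
SAMPLE.append(build_echo_request("203.0.113.9", "192.0.2.1", 2, 0))

if __name__ == "__main__":
    print(repeat_echo_sources(SAMPLE))
```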


