NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] ICMP Stateful or NOT ?



ICMP, statefully inspected, ummm  NO

Check out TCP/IP Illustrated... (i.e. read it......)

There are ~17 types of ICMP messages ( that I know of)

If you want to controll ICMP, YOU will need to setup a rule of your own
devising:
maybe something like this.....

S    D    S                                    A
X    Y    ICMP Echo Request    Allow
Y    X    ICMP Echo Reply        Allow



Date: Wed, 10 Jan 2001 09:59:40 -0500
From: [email protected] (Carl E. Mankinen)
Subject: [FW1] ICMP Stateful or NOT ?

I seem to be reading quite a bit that even 4.X does not use stateful
inspection
for ICMP requests. Is this in fact the case, or has CheckPoint corrected
this
in the latest releases?

For them to say that ICMP packets are harmless and thus do not require
stateful inspection is beyond belief (having my doubts they actually said
this...)
ICMP is a perfect method for tunneling control connections for trojans, or
for sending obscured hashed data containing information you wouldn't like
exposed.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.