[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] ICMP Stateful or NOT ?
ICMP, statefully inspected, ummm NO Check out TCP/IP Illustrated... (i.e. read it......) There are ~17 types of ICMP messages ( that I know of) If you want to controll ICMP, YOU will need to setup a rule of your own devising: maybe something like this..... S D S A X Y ICMP Echo Request Allow Y X ICMP Echo Reply Allow Date: Wed, 10 Jan 2001 09:59:40 -0500 From: [email protected] (Carl E. Mankinen) Subject: [FW1] ICMP Stateful or NOT ? I seem to be reading quite a bit that even 4.X does not use stateful inspection for ICMP requests. Is this in fact the case, or has CheckPoint corrected this in the latest releases? For them to say that ICMP packets are harmless and thus do not require stateful inspection is beyond belief (having my doubts they actually said this...) ICMP is a perfect method for tunneling control connections for trojans, or for sending obscured hashed data containing information you wouldn't like exposed. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|