Re: [nsp] icmp blocking

From: Rob Thomas (robt@cymru.com)
Date: Thu Mar 28 2002 - 11:39:55 EST


Hi, Birsen.

] I was looking for information about denying ICMP packets accross the
] backbone. What is the efficient/reccomended way of doing it? What are the

Hmm, I wouldn't block all ICMP. This can lead to other problems. ICMP
isn't just the hacker's protocol. :) Rate limiting is good, and I have
an example of that in my Secure IOS Template:

http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html

I have some thoughts on the filtering of ICMP at the edge here:

http://www.cymru.com/~robt/Docs/Articles/icmp-messages.html

I hope this helps!

Thanks,
Rob.

--
Rob Thomas
http://www.cymru.com/~robt
ASSERT(coffee != empty);



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT