Date: Sun, 17 Jan 1999 12:20:45 -0800 From: "Justin Wolf" <jjwolf@bleeding.com> To: <ben@rosengart.com>, "N. N.M" <madrapour@hotmail.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Small Servers - ICMP Redirect Message-ID: <007701be4256$f01ff740$02c3fe90@cisco.com>
next in thread | raw e-mail | index | archive | help
>> 2) About ICMP redirect messages, as I learned they could be used to make >> our network disconnected and somthing. What's the way to prevent this >> kind of attack? Does blocking this kind of ICMP on firewall and routers >> cause any problem in connectivity and system behavior? > >I would block these messages from entering my network, absolutely. Keep in mind that flatly blocking all ICMP messages will prevent traces and pings both in and out of your network. It will also effect certain services... The best way to tailor this is to block everything and loosen it up as necessary to keep things from breaking. -Justin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007701be4256$f01ff740$02c3fe90>