ICMP Vulnerability
Dean Anderson
dean at av8.com
Tue Apr 12 14:37:16 UTC 2005
On Tue, 12 Apr 2005, Hannigan, Martin wrote:
> There's been a rumor on the street that an unnamed large router vendor
> is releasing something around this today as well:
>
> http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
Is this something new to do with source-quench, or is it the ages-old
source-quench attack?

From: Dean Anderson <dean at av8.com>
To: Rudi Starcevic <tech at wildcash.com>
Cc: netfilter at lists.netfilter.org
Subject: Re: Essential ICMP

No, that would be wildly wrong.

Necessary messages: (never block)
    3      Destination Unreachable
           (block code 4 and break PATH MTU)
           (other codes are "Nice")

Good Messages: (never harmful)
    11     Time to live Exceeded

Nice messages: (sometimes harmful)
    4      Source Quench
    8/0    Echo Request/Reply
    12     Parameter Problem
    13/14  Timestamp Request/Reply
    15/16  Information Request/Reply

Dangerous (ought to be blocked, unless you know you need it;
in that case tightly restricted)
    5      Redirect

--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
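
Added example (not part of the original post and not netfilter code): the categories listed in the post applied to raw ICMPv4 messages in Python, with a checksum check before any decision. Dropping types the post does not list, reading "tightly restricted" as an allowlist of gateway addresses, the allow_nice switch, and the build() helper that constructs sample messages are all assumptions made for illustration.

```python
import ipaddress
import struct

# ICMP type -> category, transcribed from the post's list.
POLICY = {3: "necessary", 11: "good", 5: "dangerous",
          4: "nice", 8: "nice", 0: "nice", 12: "nice",
          13: "nice", 14: "nice", 15: "nice", 16: "nice"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Construct a sample ICMP message (constructed test input)."""
    body = bytes([icmp_type, code, 0, 0]) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def decide(src, icmp, redirect_gateways=(), allow_nice=True):
    """Return (verdict, reason) for one ICMPv4 message received from src."""
    if len(icmp) < 8:
        return "drop", "truncated header"
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        return "drop", "bad checksum"
    icmp_type, code = icmp[0], icmp[1]
    category = POLICY.get(icmp_type)
    if category is None:
        # Assumption: default-deny for types the post does not mention.
        return "drop", "type not in the post's list"
    if category == "dangerous":
        # Assumption: "tightly restricted" = redirects only from named gateways.
        allowed = {ipaddress.ip_address(g) for g in redirect_gateways}
        ok = ipaddress.ip_address(src) in allowed
        return ("accept" if ok else "drop"), "redirect"
    if icmp_type == 3 and code == 4:
        # Blocking this breaks path MTU discovery, so it is never dropped.
        return "accept", "fragmentation needed"
    if category == "nice" or icmp_type == 3:
        # Other Destination Unreachable codes are "Nice" per the post.
        return ("accept" if allow_nice else "drop"), "nice"
    return "accept", category
```

With allow_nice=False only type 3 code 4, Time Exceeded, and redirects from an allowlisted gateway still pass.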