
VS: can pf send icmp protocol unreachables?

From: Toni Heinonen <Toni.Heinonen(at)teleware.fi>
Date: Tue Nov 26 2002 - 12:45:46 EST


Well, I try to look from the viewpoint of the attacker, and for instance nmap's protocol scan lets you see what IP protocols the host in question answers to. Of course, it's pretty rare to be attacked through your mobileip software, but I wouldn't be surprised if someday someone found a bug in the ESP implementation of a machine or whatnot.

As far as I know, blocking any other protocol requires an ICMP protocol unreachable (or of course a simple silent drop, but that's the crude way).

-- 
Toni Heinonen, Teleware Oy
  Wireless +358 (40) 836 1815
  Telephone +358 (9) 3434 9123
  toni.heinonen@teleware.fi
  www.teleware.fi

> -----Original message-----
> From: Daniel Hartmeier [mailto:daniel@benzedrine.cx]
> Sent: 26 November 2002 19:01
> To: Toni Heinonen
> Cc: tech@openbsd.org
> Subject: Re: can pf send icmp protocol unreachables?
>
>
> return-icmp is only honoured for blocked UDP and TCP packets.
Received on Tue Nov 26 12:43:49 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:27 EDT

