On Apr 25, 2007, at 4:19 PM, Tobias Weingartner wrote:
Chad M Stewart wrote:
On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote:
pass in inet proto icmp all icmp-type $icmp_types keep state
This can be used as a covert communication channel. Allowing
internal IPs to send/receive ping is bad.
Bull. Not allowing ICMP is just as bad. Worse actually, as you
are violating RFCs. Quit spreading this FUD.
I did NOT suggest blocking ALL ICMP, just echo-request and echo-replies from internal hosts to untrusted IPs. Trojans have used echo-request and echo-reply as a method of covert communication. If you had read the original post you'd see that $icmp_types was defined to be echoreq.
I don't think this is FUD.
-Chad
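For reference, the rule quoted in the thread next to a scoped version of the policy Chad describes, written as an added pf.conf fragment that is not from any of the posts; the interface, address range and the <trusted> table are assumed names for illustration:

```pf
# Assumed values for this example only.
int_if = "em1"
internal_net = "192.168.1.0/24"
icmp_types = "echoreq"
table <trusted> { 192.168.0.0/16, 10.0.0.0/8 }

# Rule as posted in the thread: echo-request from anywhere, stateful,
# so the matching echo-reply is let back in by the state entry.
pass in inet proto icmp all icmp-type $icmp_types keep state

# Scoped refinement: pf uses last-match-wins (no "quick"), so these two
# rules override the one above for the internal net. Echo-request from
# internal hosts is blocked and logged to pflog, except to <trusted>
# destinations, where it still creates state as before.
block in log on $int_if inet proto icmp from $internal_net icmp-type $icmp_types
pass in on $int_if inet proto icmp from $internal_net to <trusted> \
    icmp-type $icmp_types keep state
```

The logged hits are what make unexpected echo traffic from inside visible in pflog, which is the detection angle behind restricting it.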