On 5/4/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
* Chad M Stewart <[EMAIL PROTECTED]> [2007-04-25 19:31]:
> On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote:
> >pass in inet proto icmp all icmp-type $icmp_types keep state
>
> This can be used as a covert communication channel. Allowing
> internal IPs to send/receive ping is bad.
that is the biggest bullshit i have read on this list in some time.
if you deny icmp, you shall burn in hell
You may burn in hell, but ICMP can be used to infiltrate and exfiltrate data:
http://www.cs.uit.no/~daniels/PingTunnel/
