* Open Phugu <[EMAIL PROTECTED]> [2007-05-04 15:36]:
> On 5/4/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> >* Chad M Stewart <[EMAIL PROTECTED]> [2007-04-25 19:31]:
> >> On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote:
> >> >pass in inet proto icmp all icmp-type $icmp_types keep state
> >>
> >> This can be used as a covert communication channel. Allowing
> >> internal IPs to send/receive ping is bad.
> >
> >that is the biggest bullshit i have read on this list in some time.
> >
> >if you deny icmp, you shall burn in hell
> You may burn in hell, but ICMP can be used to infiltrate and exfiltrate
> data:
> http://www.cs.uit.no/~daniels/PingTunnel/

so can tcp, so we shall block all tcp
so can udp, so we shall block all udp
so can water pipes, so let's deny access to all toilets for everybody
so can underwear, so let us require everybody to work naked

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam