On Fri, May 04, 2007 at 07:26:32AM -0600, Open Phugu wrote:
> On 5/4/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> >* Chad M Stewart <[EMAIL PROTECTED]> [2007-04-25 19:31]:
> >> On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote:
> >> >pass in inet proto icmp all icmp-type $icmp_types keep state
> >>
> >> This can be used as a covert communication channel.  Allowing
> >> internal IPs to send/receive ping is bad.
> >
> >that is the biggest bullshit i have read on this list in some time.
> >
> >if you deny icmp, you shall burn in hell

> You may burn in hell, but ICMP can be used to infiltrate and exfiltrate 
> data:
> http://www.cs.uit.no/~daniels/PingTunnel/

Yes, but so can DNS and pretty much any data you let out of your
network. Consider encoding data in send time if you have both of those
covered.

See the .sig for a better solution; due to an oversight by the
developers, those man pages are not found on a stock OpenBSD system, but
Google will be happy to help.

                Joachim

-- 
TFMotD: knife, axe, cutter, chainsaw(8) - tools to improve network
performance via SNIP
