Network Security: Detailed info on Re: Removing ping/icmp from a network

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Removing ping/icmp from a network

from [Mark Owen] Network Security

[Permanent Link]

Subject:	Re: Removing ping/icmp from a network
Date:	Tue, 25 Mar 2008 16:04:35 -0400

On Tue, Mar 25, 2008 at 3:39 PM, Fabio Fagundes
<fabio.fagundes@gmail.com> wrote:

Hi all,

Please consider the risk of an intruder using ICMP as a Covert Channel
(http://en.wikipedia.org/wiki/Covert_channel).

Should one configure corporate routers to inspect and to rewrite ICMP
packets to avoid / reduce this risk ?

Regards,
Fabio.


ICMP packets are fairly small and transparent and by adding any
additional information to them would make them malformed and obvious.
Given that ICMP traffic can easily stand out from other traffic, an
intruder would probably be more likely to utilize TCP and a common
service, such as SSL.

For the security of my network, I would be more inclined to monitor
for excess or malformed ICMP traffic instead of blocking it.


-- 
Mark Owen

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Removing ping/icmp from a network, Secure This RE: Removing ping/icmp from a network, Hopke, Greg Re: Removing ping/icmp from a network, Mark Owen Message not available Re: Removing ping/icmp from a network, Mark Owen <= Re: Removing ping/icmp from a network, Fabio Fagundes RE: Removing ping/icmp from a network, Ramsdell, Scott Re: Removing ping/icmp from a network, Ansgar -59cobalt- Wiechers RE: Removing ping/icmp from a network, Ramsdell, Scott Re: Removing ping/icmp from a network, Ansgar -59cobalt- Wiechers Re: Removing ping/icmp from a network, Ansgar -59cobalt- Wiechers Re: Removing ping/icmp from a network, Jon R. Kibler Re: Removing ping/icmp from a network, Secure This DoD aproved disk wiping tool, JP Vicente RE: DoD aproved disk wiping tool, Timmothy Lester

Previous by Date:	Protecting Client Identity, brookerj
Next by Date:	Re: ISSMP Certificate, Ali, Saqib
Previous by Thread:	Re: Removing ping/icmp from a network, Mark Owen
Next by Thread:	Re: Removing ping/icmp from a network, Fabio Fagundes
Indexes:	[Date] [Thread] [Top] [All Lists]