Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Removing ping/icmp from a network

from [Murda Mcloud] Network Security [Permanent Link]
Subject: RE: Removing ping/icmp from a network
Date: Thu, 27 Mar 2008 08:50:05 +1000 
I think the important thing here is where Strykar says 'supposedly secure'.
What are the risks that you can see on that network? Are there enough risks
to tip it past the 'trusted' point.
Granted, 'trusted' is just a label, and not a metric as such here.
I know the word has a meaning in the 'inside of the perimeter and not the
DMZ' sense but what else does it mean to people?

Scott Ramsdell said:

Even on my trusted LAN, I only allow echo request/echo reply.


Which made me wonder, is that a 'trusted' LAN then? Different networks have
different needs and different risks to address. 
When does it stop being trusted? Because it's outside a firewall? Behind a
router? Because I don't know the people using the clients on the LAN? What
does everyone else think? 
Obviously I don't trust some of my users not to mistakenly or purposefully
access risky websites or services-otherwise I wouldn't have controls in
place to mitigate that. But they are on my 'trusted' LAN.
So trusted seems a fuzzy concept here; a human word for a human situation.

Personally, I'd find it very difficult to do my job without Mike Muss'
awesome little program, ping. So blocking ICMP is not going to happen on the
inside...of my, uh, trusted LAN.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Strykar
Sent: Wednesday, March 26, 2008 10:30 AM
To: security-basics@securityfocus.com
Subject: RE: Removing ping/icmp from a network

You don't discourage ICMP on a network, that's uninformed Jim the farmer
cum
Sysad talk.


- S

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
Behalf Of Secure This
Sent: Tuesday, March 25, 2008 10:00 PM
To: security-basics@securityfocus.com
Subject: Removing ping/icmp from a network

I have a variety of clients with data centres who all make use of
icmp/ping to monitor their servers/appliances/devices (often with poorly
configured snmp versions 1 and 2).

Could anybody kindly advise me of tools and strategies for minimising or
removing the use of icmp/ping on a supposedly secure network?

Thanks in advance
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Removing ping/icmp from a network, Craig Wright
Next by Date:  Re: File sharing with Bittorrent: what possible security threads?, Razi Shaban
Previous by Thread:  RE: Removing ping/icmp from a network, Strykar
Next by Thread:  RE: Removing ping/icmp from a network, Murda Mcloud
Indexes:  [Date] [Thread] [Top] [All Lists]