Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Removing ping/icmp from a network

from [Murda Mcloud] Network Security [Permanent Link]
Subject: RE: Removing ping/icmp from a network
Date: Thu, 27 Mar 2008 09:42:56 +1000 
Apologies for mistakenly attributing the 'supposedly secure' point and the
OP to Strykar when I meant Secure This.


-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud@bigpond.com]
Sent: Thursday, March 27, 2008 8:50 AM
To: 'Strykar'; 'security-basics@securityfocus.com'
Subject: RE: Removing ping/icmp from a network

I think the important thing here is where Strykar says 'supposedly
secure'.
What are the risks that you can see on that network? Are there enough
risks to tip it past the 'trusted' point.
Granted, 'trusted' is just a label, and not a metric as such here.
I know the word has a meaning in the 'inside of the perimeter and not the
DMZ' sense but what else does it mean to people?

Scott Ramsdell said:

Even on my trusted LAN, I only allow echo request/echo reply.


Which made me wonder, is that a 'trusted' LAN then? Different networks
have different needs and different risks to address.
When does it stop being trusted? Because it's outside a firewall? Behind
a router? Because I don't know the people using the clients on the LAN?
What does everyone else think?
Obviously I don't trust some of my users not to mistakenly or
purposefully access risky websites or services-otherwise I wouldn't have
controls in place to mitigate that. But they are on my 'trusted' LAN.
So trusted seems a fuzzy concept here; a human word for a human
situation.

Personally, I'd find it very difficult to do my job without Mike Muss'
awesome little program, ping. So blocking ICMP is not going to happen on
the inside...of my, uh, trusted LAN.

-----Original Message-----
From: listbounce@securityfocus.com

[mailto:listbounce@securityfocus.com]

On Behalf Of Strykar
Sent: Wednesday, March 26, 2008 10:30 AM
To: security-basics@securityfocus.com
Subject: RE: Removing ping/icmp from a network

You don't discourage ICMP on a network, that's uninformed Jim the

farmer

cum
Sysad talk.


- S

-----Original Message-----
From: listbounce@securityfocus.com

[mailto:listbounce@securityfocus.com]

On
Behalf Of Secure This
Sent: Tuesday, March 25, 2008 10:00 PM
To: security-basics@securityfocus.com
Subject: Removing ping/icmp from a network

I have a variety of clients with data centres who all make use of
icmp/ping to monitor their servers/appliances/devices (often with

poorly

configured snmp versions 1 and 2).

Could anybody kindly advise me of tools and strategies for minimising

or

removing the use of icmp/ping on a supposedly secure network?

Thanks in advance
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: File sharing with Bittorrent: what possible security threads?, Razi Shaban
Next by Date:  DoD aproved disk wiping tool, JP Vicente
Previous by Thread:  RE: Removing ping/icmp from a network, Murda Mcloud
Next by Thread:  Re: Removing ping/icmp from a network, Jason Thompson
Indexes:  [Date] [Thread] [Top] [All Lists]