Filtering icmp packets – USRobotics NETServer/8 User Manual
Packet Filters 8-15
Filtering ICMP packets
ICMP packets can only be filtered by type. So, the only option
is:
type
The ICMP message types are listed below. Note that most of
them are error messages necessary for the correct operation of
TCP/IP:
Type  Description
0     Echo Reply (Ping)
3     Destination Unreachable
4     Source Quench
5     Redirect (change route)
8     Echo Request (Ping)
11    Time Exceeded for a Datagram
12    Parameter Problem on a Datagram
13    Timestamp Request
14    Timestamp Reply
15    Information Request
16    Information Reply
17    Address Mask Request
18    Address Mask Reply
If you are concerned about security, filter out incoming type 5
messages. Sending ICMP redirects is an easy way for a vandal
to change your routing tables.
deny icmp type 5
Although PING is useful for troubleshooting, it allows a potential
intruder to obtain a map of your network by systematically
pinging every possible address. If you think this is a security
risk, then filter out incoming type 8 packets or outgoing echo
replies (type 0).
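The following Python sketch is an added example, not code from the manual or the NETServer firmware. It shows what filtering by type means on the wire: the filter finds the ICMP type byte behind a variable-length IP header and checks it against the denied types. The "deny icmp type 8" rule is written by analogy with the type 5 rule above; the function names, the pass-by-default behaviour and the sample packets are assumptions constructed for illustration.

```python
import struct

def parse_rules(text):
    """Collect the type numbers named by 'deny icmp type <n>' lines."""
    denied = set()
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if len(words) != 4 or words[:3] != ["deny", "icmp", "type"]:
            raise ValueError(f"unsupported rule: {line!r}")
        denied.add(int(words[3]))
    return denied

def icmp_type(packet):
    """Return the ICMP type of a raw IPv4 packet, or None if it has none."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    header_len = (packet[0] & 0x0F) * 4  # IHL counts 32-bit words; options enlarge it
    if header_len < 20 or packet[9] != 1 or len(packet) <= header_len:
        return None                      # malformed, not ICMP (protocol 1), or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: carries no ICMP header
    return packet[header_len]            # type is the first byte of the ICMP message

def verdict(packet, denied):
    """'deny' for ICMP of a denied type; everything else passes (assumed default)."""
    return "deny" if icmp_type(packet) in denied else "pass"

def make_packet(type_value, options=b"", frag_offset=0):
    """Build a constructed IPv4+ICMP packet (checksums left at zero, not inspected)."""
    words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, words * 4 + 8, 0, frag_offset,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + options + struct.pack("!BBHI", type_value, 0, 0, 0)

# Rule for type 5 as shown above; rule for type 8 assumed to use the same form.
RULES = "deny icmp type 5\ndeny icmp type 8\n"

if __name__ == "__main__":
    denied = parse_rules(RULES)
    samples = [("redirect", make_packet(5)),
               ("echo request with IP options", make_packet(8, b"\x01" * 4)),
               ("destination unreachable", make_packet(3))]
    for label, pkt in samples:
        print(f"{label}: {verdict(pkt, denied)}")
```

Destination Unreachable (type 3) still passes under these rules, in line with the note above that most ICMP types are error messages needed for correct TCP/IP operation.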