--openmail-part-14c50c8a-00000001 Content-Type: text/plain; charset=US-ASCII; name="BDY.TXT" Content-Disposition: inline; filename="BDY.TXT" Content-Transfer-Encoding: 7bit How could blocking all ICMP cause a problem? I have worked with two rather large networks that blocked all ICMP at the router level. Were we just lucky not to have any problems? -----Original Message----- From: wwebb [mailto:wwebbat_private] Sent: Tuesday, January 11, 2000 7:19 PM To: firewall-wizards Cc: wwebb Subject: Blocking ICMP with ipchains I've heard that it is not wise to block all ICMP operations. Such being the case, which of these ICMP operations are safe to block without causing serious problems: echo-reply (pong) destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS-host-redirect echo-request (ping) router-advertisement router-solicitation time-exceeded (ttl-exceeded) ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply Thanks for any assistance. --openmail-part-14c50c8a-00000001 Content-Type: application/ms-tnef; name="WINMAIL.DAT" Content-Disposition: attachment; filename="WINMAIL.DAT" Content-Transfer-Encoding: base64 eJ8+IgumAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5N aWNyb3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEDkAYADAAAAAEAAAADABcAAQAA ABwAAQOQBgAMAAAAAQAAAAMANgAAAAAAOgABBIABACAAAABSRTogQmxvY2tpbmcgSUNNUCB3 aXRoIGlwY2hhaW5zAK4KAQOQBgAgAAAAAQAAAAIBCzABAAAAEAAAAMWGUrOkw9MRr9wIAAn8 9FLJCAEDkAYAJAAAAAEAAAADAPaoCCAGAAAAAADAAAAAAAAARgAAAABShQAA8BMAALAEAQOQ BgAsAAAAAQAAAB4A96gIIAYAAAAAAMAAAAAAAABGAAAAAFSFAAABAAAABAAAADguNQBrBAED kAYAJAAAAAEAAAALAPioCCAGAAAAAADAAAAAAAAARgAAAAAGhQAAAAAAAGsDAQOQBgAkAAAA AQAAAAMA+agIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAAAAAAXwMBA5AGACQAAAABAAAACwD6 qAggBgAAAAAAwAAAAAAAAEYAAAAADoUAAAAAAAB1AwEDkAYAJAAAAAEAAAADAPuoCCAGAAAA AADAAAAAAAAARgAAAAAQhQAAAAAAAHADAQOQBgAkAAAAAQAAAAMA/KgIIAYAAAAAAMAAAAAA AABGAAAAABGFAAAAAAAAcgMBA5AGACQAAAABAAAAAwD9qAggBgAAAAAAwAAAAAAAAEYAAAAA GIUAAAAAAAB6AwEDkAYALAAAAAEAAAAeAP6oCCAGAAAAAADAAAAAAAAARgAAAAA2hQAAAQAA AAEAAAAAAAAAtgMBA5AGACwAAAABAAAAHgD/qAggBgAAAAAAwAAAAAAAAEYAAAAAN4UAAAEA AAABAAAAAAAAALgDAQOQBgAsAAAAAQAAAB4AAKkIIAYAAAAAAMAAAAAAAABGAAAAADiFAAAB AAAAAQAAAAAAAAC7AgEDkAYAJAAAAAEAAAALAAGpCyAGAAAAAADAAAAAAAAARgAAAAAAiAAA AAAAAHUCAQOQBgAkAAAAAQAAAAsAAqkLIAYAAAAAAMAAAAAAAABGAAAAAAWIAAAAAAAAewIB A5AGAAwAAAABAAAAAwAGECKuIVJdAQEDkAYADAAAAAEAAAADAAcQVAQAAHMAAQOQBgB4AAAA AQAAAB4ACBABAAAAZQAAAEhPV0NPVUxEQkxPQ0tJTkdBTExJQ01QQ0FVU0VBUFJPQkxFTT9J SEFWRVdPUktFRFdJVEhUV09SQVRIRVJMQVJHRU5FVFdPUktTVEhBVEJMT0NLRURBTExJQ01Q QVRUSEVST1UAAAAA/x0BA5AGAAwAAAABAAAAAwAQEAAAAAAkAAEDkAYADAAAAAEAAAADABEQ AQAAACYAAQOQBgAsAAAAAQAAAB4AcAABAAAAHAAAAEJsb2NraW5nIElDTVAgd2l0aCBpcGNo YWlucwBpCgEDkAYAKAAAAAEAAAACAXEAAQAAABYAAAABv16nYqE3r5c5ypIR04F5ABCkApaJ AAAZCgEDkAYADAAAAAEAAAADAC4AAAAAADIAAQOQBgAMAAAAAQAAAAsAKwAAAAAANwABA5AG AAwAAAABAAAACwACAAEAAAAPAAEDkAYAOAEAAAEAAAACATEAAQAAACcBAABQQ0RGRUIwOQAB AAIAdgAAAAAAAAA4obsQBeUQGqG7CAArKlbCAABFTVNNREIuRExMAAAAAAAAAAAbVfogqmYR zZvIAKoAL8RaDAAAAERJUFJPRDEAL289Y2l0aWNvcnAvb3U9RE9NREkvY249UmVjaXBpZW50 cy9jbj1wc2NoYXdhY2tlcgAuAAAAAAAAAPbopOfENtIRr7EIAAn89FIBAAuesTW9INIRr54I AAn89FIAAAAIoj0AAAAAAAAuAAAAAAAAAPbopOfENtIRr7EIAAn89FIBAAuesTW9INIRr54I AAn89FIAAAAIoj4AABAAAADFhlKzpMPTEa/cCAAJ/PRSIAAAAFJFOiBCbG9ja2luZyBJQ01Q IHdpdGggaXBjaGFpbnMAAGVbAQOQBgBEAAAAAQAAAB4AQhABAAAAMQAAADwwQjlFQjEzNUJE MjBEMjExQUY5RTA4MDAwOUZDRjQ1MkQ1QzFGNkBESVBST0QxPgAAAADkCwEDkAYADAAAAAEA AAADAN4/r28AAD8CAQOQBgAQAAAAAQAAAEAAOQAQ5L5ip16/AVMEAQOQBgAMAAAAAQAAAAMA 8T8JBAAAQQEBA5AGAAwAAAABAAAAAwAZQAEAAABeAAEDkAYADAAAAAEAAAADAP0/5AQAACgC AQOQBgBgAAAAAQAAAAIB+T8BAAAATgAAAAAAAADcp0DIwEIQGrS5CAArL+GCAQAAAAAAAAAv Tz1DSVRJQ09SUC9PVT1ET01ESS9DTj1SRUNJUElFTlRTL0NOPVBTQ0hBV0FDS0VSAAAAJhYB A5AGACQAAAABAAAAHgD4PwEAAAASAAAAU2NoYXdhY2tlciwgUGV0ZXIAAACxBwEDkAYAYAAA AAEAAAACAfs/AQAAAE4AAAAAAAAA3KdAyMBCEBq0uQgAKy/hggEAAAAAAAAAL089Q0lUSUNP UlAvT1U9RE9NREkvQ049UkVDSVBJRU5UUy9DTj1QU0NIQVdBQ0tFUgAAACgWAQOQBgAkAAAA AQAAAB4A+j8BAAAAEgAAAFNjaGF3YWNrZXIsIFBldGVyAAAAswcBA5AGABAAAAABAAAAQAAH MAIuumKnXr8BiQMBA5AGABAAAAABAAAAQAAIMLbyvmKnXr8BBgUBA5AGAEQAAAABAAAAHgA1 EAEAAAAxAAAAPDBCOUVCMTM1QkQyMEQyMTFBRjlFMDgwMDA5RkNGNDUyRDU3QkZDQERJUFJP RDE+AAAAAOkLAQOQBgAQAAAAAQAAAEAASACAirZjp16/AXEEAQOQBgA0AAAAAQAAAB4AA6nw bYbqifHREbVYCAAJsUnaAAAAAAEAAAABAAAACgAAAElTTzg4NTlfMQAAAEsLAQOQBgA4AAAA AQAAAB4ABKnwbYbqifHREbVYCAAJsUnaAAAAAAIAAAABAAAADgAAAEIuMDUuMjAuMDAuMDEA AAB6CwEDkAYAIAAAAAEAAAACARQ0AQAAABAAAABUlKHAKX8QG6WHCAArKiUXPgUBA5AGABgA AAABAAAAHgA9AAEAAAAFAAAAUkU6IAAAAABTAQEDkAYADAAAAAEAAAADAIAQ/////5AEAQkA BAACAAAAAAAAAAEDkAYADAAAAAEAAAALACMAAQAAADAAAQOQBgAMAAAAAQAAAAsAKQABAAAA NgABBJAGANgBAAABAAAAEgAAAAMAADAAAAAACwAPDgAAAAACAf8PAQAAAEkAAAAAAAAAgSsf pL6jEBmdbgDdAQ9UAgAAAAAnZmlyZXdhbGwtd2l6YXJkcycAU01UUABmaXJld2FsbC13aXph cmRzQG5mci5uZXQAAAAAHgACMAEAAAAFAAAAU01UUAAAAAAeAAMwAQAAABkAAABmaXJld2Fs bC13aXphcmRzQG5mci5uZXQAAAAAHgABMAEAAAATAAAAJ2ZpcmV3YWxsLXdpemFyZHMnAAAC AfYPAQAAAAQAAAAAAAAAAwAVDAEAAAACAQswAQAAAB4AAABTTVRQOkZJUkVXQUxMLVdJWkFS RFNATkZSLk5FVAAAAB4AIDoBAAAAEwAAACdmaXJld2FsbC13aXphcmRzJwAACwBAOgEAAAAD AP4PBgAAAAMAADkAAAAAAwBxOgAAAAADAP9fAAAAAAMA/V8BAAAAHgD2XwEAAAARAAAAZmly ZXdhbGwtd2l6YXJkcwAAAAACAfdfAQAAAEkAAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAAAn ZmlyZXdhbGwtd2l6YXJkcycAU01UUABmaXJld2FsbC13aXphcmRzQG5mci5uZXQAAAAAkmI= --openmail-part-14c50c8a-00000001--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:44 PDT