North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Firewall stateful handling of ICMP packets

  • From: Sean Donelan
  • Date: Wed Dec 03 17:15:28 2003

You could drop ICMP packets at your firewall if the firewalls properly
implemented stateful inspection of ICMP packets.  The problem is few
firewalls include ICMP responses in their statefull analysis.  So you are
left with two bad choices, permit "all" ICMP packets or deny "all" ICMP
packets.