Ritalin Posted October 10, 2003 Share Posted October 10, 2003 Just checking, i was told a long times that those icmp packets were harmless and it seemd someone said it too on this forum. It's too big of an issue to just let it go (if ever it is harmful). So are they really harmless and configure kerio to let them all in? Ritalin Link to comment Share on other sites More sharing options...
John Veteran Posted October 10, 2003 Veteran Share Posted October 10, 2003 for the most part, they are harmless. that doesn't mean they can't hurt you... but there are other, more "fun" ways for people to do things to your computer/network. Link to comment Share on other sites More sharing options...
MxxCon Posted October 10, 2003 Share Posted October 10, 2003 PING is an example of ICMP packet. you don't have to stupidly paranoid to strive to make your connection unpingable.... and in "moderation" ICMP packets are harmless. obviously if you are flooded with ping requests or "host unreachable" messages(old irc 'click' attack :D ) that could be a problem, but same could be said with TCP or UDP packets.. i'm pretty sure you can config kerio to just ignore them.. Link to comment Share on other sites More sharing options...
Samoa Posted October 11, 2003 Share Posted October 11, 2003 PING is an example of ICMP packet.you don't have to stupidly paranoid to strive to make your connection unpingable.... and in "moderation" ICMP packets are harmless. obviously if you are flooded with ping requests or "host unreachable" messages(old irc 'click' attack :D ) that could be a problem, but same could be said with TCP or UDP packets.. i'm pretty sure you can config kerio to just ignore them.. yes you can indeed. Kerio Rocks!!! :woot: Link to comment Share on other sites More sharing options...
John Veteran Posted October 11, 2003 Veteran Share Posted October 11, 2003 most firewalls can ignore ICMP... :huh: Link to comment Share on other sites More sharing options...
Rathamon Posted October 12, 2003 Share Posted October 12, 2003 blocking ICMP also confuses most portscanners Link to comment Share on other sites More sharing options...
Ritalin Posted October 12, 2003 Author Share Posted October 12, 2003 PING is an example of ICMP packet.you don't have to stupidly paranoid to strive to make your connection unpingable.... and in "moderation" ICMP packets are harmless. obviously if you are flooded with ping requests or "host unreachable" messages(old irc 'click' attack :D ) that could be a problem, but same could be said with TCP or UDP packets.. i'm pretty sure you can config kerio to just ignore them.. yes you can indeed. Kerio Rocks!!! :woot: Hmm how? Ritalin Link to comment Share on other sites More sharing options...
preducer Posted October 12, 2003 Share Posted October 12, 2003 maybe you should check out kerio site for the instructions.. i know sygate have it at their site because im using sygate. Link to comment Share on other sites More sharing options...
WS togermano Posted October 12, 2003 Share Posted October 12, 2003 isn't black ice the best firewall i know it was at a time Link to comment Share on other sites More sharing options...
Ritalin Posted October 12, 2003 Author Share Posted October 12, 2003 (edited) there were numerous threads about which firewall is the best and overall it's between Norton personal firewall, ZoneAlarm Pro and Kerio Personal Firewall. EDIT: By ignoring, do you mean making a rule that permits all ICMP thingies to pass? Edited October 12, 2003 by Ritalin Link to comment Share on other sites More sharing options...
John Veteran Posted October 12, 2003 Veteran Share Posted October 12, 2003 no, ignoring means doing nothing with it, acting like it's not there. therefore, the firewall should drop the ICMP packets if it's configured to ignore them. Link to comment Share on other sites More sharing options...
Ritalin Posted October 13, 2003 Author Share Posted October 13, 2003 how do i do that? as far as i see it, i can only deny/permit them... BTW, now that i set it to permit all the time (made a rule...), how do i change it? Link to comment Share on other sites More sharing options...
bud1979 Posted October 13, 2003 Share Posted October 13, 2003 In the most secure way the best thing to do is to just drop the packet, when you deny the sender gets a messege saying it was denied, thus saying that you have a host there. IF you just drop the packet it looks like there is no host there and thus could lead to a hacker passing you buy. Not for sure if you can drop packets with a sw firewall or not. I know you can do it with a PIX, but that is all that i have personal experience with. Link to comment Share on other sites More sharing options...
LAD Posted October 13, 2003 Share Posted October 13, 2003 If you see a lot of outgoing ICMP packets, might wanna run a virus scan on the system, cause this W32/Nachi.worm does that. http://vil.nai.com/vil/content/v_100559.htm Link to comment Share on other sites More sharing options...
MxxCon Posted October 14, 2003 Share Posted October 14, 2003 In the most secure way the best thing to do is to just drop the packet, when you deny the sender gets a messege saying it was denied, thus saying that you have a host there. IF you just drop the packet it looks like there is no host there and thus could lead to a hacker passing you buy. and when you are droping ICMP but you have ports open you are not achieving anything. :whistle: Link to comment Share on other sites More sharing options...
Recommended Posts