
icmp (8/0)



Hi,
this question may be off-topic (because it deals with security),
although I don't think so:

I configured my router to deny all the ICMPs, except for very
specific ones (those needed for traceroute, etc.). For example, it
is impossible to ping me or (for me) to ping others. The specific
ICMP that this message deals with is (8/0) (what is this? I
forgot!). This way proves itself, since I notice again and again
that network scanners scan all my IPs from the lowest to the
highest, and try to send ICMP (8/0) to them. On the other hand,
some innocent clients (such as the FTP client built into Netscape
Communicator 4 for Win95), need this ICMP too, and without it they
stop the session and claim that the connection was refused. Two
questions:

1. What is ICMP 8/0?  Why is it so important for hackers? Is there
   any vulnerability with it?  Is this potential hole relevant for
   us?  (or only for specific OSs, or for old kernels/services/
   etc.)?  If I allow its access only to my server, and this server
   runs the latest Linux with the latest patches, do I endanger
   anything?

2. Why the hell do some FTP clients need ICMP 8/0? Is there a way
   to bypass the problem (i.e. to allow these clients to do what
   they need to do, but to deny the intruders)?

My router is Cisco 1005 with IOS 11.2. My server runs RedHat 5.0
(to be replaced with 5.1 in a few days), with patches for the
relevant services and potential holes (e.g. BIND).

Thanks in advance,
-- 
Eli Marmor
marmor@elmar.co.il
El-Mar Software Ltd.