Re: port scanners/ICMP port unreachable

Paul Ferguson (paul@hawksbill.sprintmrn.com)
Tue, 28 Mar 1995 15:50:01 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"
Previous message: Brian Utterback: "Re: port scanners/ICMP port unreachable"
In reply to: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"
Next in thread: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"

> 
> On Mon, 27 Mar 1995, Paul Ferguson wrote:
> 
> > Why not simply use a 'sane' implementation of ICMP class filtering,
> > such as offered in cisco IOS 10.3, to simply block specific classes
> > of ICMP traffic?
> 
> I don't think you understand what he meant.  He means detecting someone 
> scanning your host.  Say with strobe/iss/satan/tcp_probe etc..  look for 
> ICMP port unreachable packets leaving your host.
> 
> - Oliver
> 
> 

Actually, I did understand what he meant. My reply was to to simply
use a method to drop all ICMP traffic prior to entry.

- paul

_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paul@hawk.sprintmrn.com
Reston, Virginia  USA                             http://www.sprintmrn.com

Next message: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"
Previous message: Brian Utterback: "Re: port scanners/ICMP port unreachable"
In reply to: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"
Next in thread: Oliver Friedrichs: "Re: port scanners/ICMP port unreachable"