Re: TCP/IP vulnerability

From: Gabor Lenart (lgb_at_lgb.hu)
Date: 2005-04-18 11:10:28

On Mon, Apr 18, 2005 at 10:26:26AM +0200, Baltissen, GJPAA (Ruud) wrote:
> > Is the tcp/ip stack for the c64 at all vulnerable to the
> > flaw in ICMP?
> 
> Sorry for answering a bit late but I was away for a week on a course for
> Cisco routers. And ICMP was a part of the lessons as well.
> 
> I don't know if there is a flaw in ICMP but the problem you are referring to
> is the use of ICMP itself. ICMP can be compared with email: normal email
> traffic is accepted, SPAM isn't. Normal ICMP traffic is acceptable but a
> continuous stream of ICMP commands isn't. And most of the time there are
> hackers behind those streams. And that's why nowadays more and more routers
> start to ban ICMP. Most firewalls don't accept it anymore at all.

For a real TCP/IP implementation, you can't ban ICMP traffic all at once,
because sometimes it means unusable TCP communication, since some ICMP
packets are used to signal the peer about something. It is a common
mistake to disable ICMP somewhere, which results in quite strange networking
problems, i.e. see the description of the "fragmentation-needed" ICMP message ...
Of course you CAN disable e.g. incoming ICMP echo request packets (the
so-called "ping"), but not the WHOLE ICMP traffic ... Of course, a very
simple TCP/IP stack implementation is another story ...

But it's very important to note that banning ICMP all at once is a BIG
MISTAKE which shouldn't be done!

- Gábor


       Message was sent through the cbm-hackers mailing list
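
Added example (not part of the original post): a small Python filter contrasting "drop only echo requests" with a blanket ICMP ban, which also discards the "fragmentation-needed" message and the next-hop MTU it carries. The function names, the allow-list of error types and the sample packets are assumptions constructed for illustration.

```python
import struct

ECHO_REQUEST, DEST_UNREACH, TIME_EXCEEDED, PARAM_PROBLEM = 8, 3, 11, 12
FRAG_NEEDED = 4  # code under type 3: "fragmentation needed and DF set"
# Assumption: which error types to keep is a policy choice of this example.
KEEP_TYPES = {DEST_UNREACH, TIME_EXCEEDED, PARAM_PROBLEM}

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message (8-byte header + payload) for the demo."""
    body = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def filter_icmp(msg: bytes, ban_all: bool = False) -> tuple:
    """Return (verdict, reason) for one inbound ICMP message."""
    if len(msg) < 8 or checksum(msg) != 0:
        return ("drop", "malformed")
    icmp_type, code = msg[0], msg[1]
    if ban_all:
        return ("drop", "blanket ICMP ban")
    if icmp_type == ECHO_REQUEST:
        return ("drop", "echo request")
    if icmp_type == DEST_UNREACH and code == FRAG_NEEDED:
        mtu = struct.unpack("!H", msg[6:8])[0]  # next-hop MTU, RFC 1191
        return ("accept", f"fragmentation needed, next-hop MTU {mtu}")
    if icmp_type in KEEP_TYPES:
        return ("accept", "error signalling")
    return ("drop", "not in allow-list")

# Constructed samples: a router reporting a 1400-byte next hop, and a ping.
FRAG = build_icmp(DEST_UNREACH, FRAG_NEEDED, struct.pack("!HH", 0, 1400), bytes(28))
PING = build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 1, 1), b"constructed")

if __name__ == "__main__":
    for name, msg in (("frag-needed", FRAG), ("ping", PING)):
        print(name, filter_icmp(msg), "| with blanket ban:", filter_icmp(msg, ban_all=True))
```

With the blanket ban the sender never learns the 1400-byte next-hop MTU, so full-size segments with DF set keep being discarded along the path while small packets still get through.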
