From: Gabor Lenart (lgb_at_lgb.hu)
Date: 2005-04-18 11:10:28
On Mon, Apr 18, 2005 at 10:26:26AM +0200, Baltissen, GJPAA (Ruud) wrote: > > Is the tcp/ip stack for the c64 at all vulnerable to the > > flaw in ICMP? > > Sorry for answering a bit late but I was away for a week on a course for > Cisco routers. And there was ICMP a part of the lessons as well. > > I don't know if there is a flaw in ICMP but the problem you are refering to > is the use of ICMP itself. ICMP can be compared with email: normal email > traffic is accepted, SPAM isn't. Normal ICMP traffic is acceptable but a > continous stream of ICMP commands isn't. And most of the time there are > hackers behind those streams. And that's why nowadays more and more routers > start to ban ICMP. Most firewalls don't accept it anymore at all. For a real TCP/IP implementation, you can't ban ICMP traffic at once, because sometimes it means unusable TCP communication, since some ICMP packets are used to signal the peer about something. There is a common misstake to disable icmp somewhere which results in quite stange networking problems ie see description of "fragmentation-needed" icmp message ... Of course you CAN disable eg incoming icmp echo request packets (the so calles "ping"), but not the WHOLE icmp traffic ... Of course for a very simple tcp/ip stack implementation is another story ... But it's very important to note, that banning icmp in once is a BIG MISSTAKE which shouldn't be done! - Gábor Message was sent through the cbm-hackers mailing list
Archive generated by hypermail pre-2.1.8.