Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Permitting ICMP traffic

Status
Not open for further replies.
lardum

lardum

IS-IT--Management
Apr 26, 2000
462
SE
Anyone have any ideas or suggestions regarding allowing all ICMP traffic? I currently have:
conduit permit icmp any any

Are there any negative effects on this?
 
Sort by date Sort by votes
Yes. You open yourself up for very simple denial of service attacks. If you want to be able to ping from the inside to the outside you could allow just certain types of icmp traffic, and still deny ping initiated from thw outside.

try this

conduit permit icmp any any echo-reply
conduit permit icmp any any source-quench
conduit permit icmp any any unreachable
conduit permit icmp any any time-exceeded

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
91
Russtoleum
Russtoleum
xylax
  • Locked
  • Question
Redirecting HTTP traffic from INSIDE to OUTSIDE using ASA NATs
Replies
0
Views
51
xylax
xylax
negley97
  • Locked
  • Question
XTM505 - would like to block all smtp traffic out except for Exchange server
Replies
2
Views
90
negley97
negley97
pbxnkey
  • Locked
  • Question
Redirect DNS traffic from the inside to the outside
Replies
2
Views
75
pbxnkey
pbxnkey
kdnations
  • Locked
  • Question
ASA 5510 traffic dropped
Replies
2
Views
70
kdnations
kdnations

Part and Inventory Search

Sponsor

Back
Top