Filtering icmp packets – USRobotics NETServer/8 User Manual


Packet Filters 8-15

Filtering ICMP packets

ICMP packets can only be filtered by type. So, the only option
is:

type <icmp message type>

The ICMP message types are listed below. Note that most of
them are error messages necessary for the correct operation of
TCP/IP:

Type    Description
----    -------------------------------
0       Echo Reply (Ping)
3       Destination Unreachable
4       Source Quench
5       Redirect (change route)
8       Echo Request (Ping)
11      Time Exceeded for a Datagram
12      Parameter Problem on a Datagram
13      Timestamp Request
14      Timestamp Reply
15      Information Request
16      Information Reply
17      Address Mask Request
18      Address Mask Reply

If you are concerned about security, filter out incoming type 5
messages. Sending ICMP redirects is an easy way for a vandal
to change your routing tables.

deny icmp type 5

Although PING is useful for troubleshooting, it allows a potential
intruder to obtain a map of your network by systematically
pinging every possible address. If you think this is a security
risk, then filter out incoming type 8 packets or outgoing echo
replies (type 0).
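The following Python model is an added example, not part of the manual and not NETServer code. It shows what type-only ICMP filtering decides for raw IPv4 packets under the rules recommended above. The function names, the pass-by-default behaviour and the sample packets are assumptions constructed for illustration.

```python
import struct

def parse_deny_types(rules_text):
    """Collect the ICMP types named by 'deny icmp type N' lines."""
    denied = set()
    for line in rules_text.splitlines():
        words = line.split()
        if not words:
            continue
        if len(words) != 4 or words[:3] != ["deny", "icmp", "type"]:
            raise ValueError("unsupported rule: " + line)
        num = int(words[3])
        if not 0 <= num <= 255:
            raise ValueError("ICMP type out of range: " + line)
        denied.add(num)
    return denied

def icmp_type(packet):
    """Return the ICMP type of a raw IPv4 packet, or None if it has none."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length; IP options shift the payload
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 1 or frag_offset or len(packet) <= ihl:
        return None                      # not ICMP, or a later fragment with no ICMP header
    return packet[ihl]                   # type is the first byte of the ICMP header

def decide(denied, packet):
    """Assumed default: anything not explicitly denied passes."""
    return "deny" if icmp_type(packet) in denied else "pass"

def make_packet(proto, first_byte):
    """Constructed sample: 20-byte IPv4 header + 8-byte payload (checksums left zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes([first_byte]) + bytes(7)

# Hypothetical rule sets built from this section's advice.
INPUT_DENIED = parse_deny_types("deny icmp type 5\ndeny icmp type 8")
OUTPUT_DENIED = parse_deny_types("deny icmp type 0")

if __name__ == "__main__":
    for t in (3, 5, 8, 11):
        print("in  type", t, decide(INPUT_DENIED, make_packet(1, t)))
    print("out type 0", decide(OUTPUT_DENIED, make_packet(1, 0)))
```

Types 3 and 11 still pass the input rules, so the error messages TCP/IP depends on are unaffected while redirects and echo requests are dropped.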
