
Your opinion needed on allowing Outbound ICMP traffic

vwalsh
Level 1

I am interested in other security techs' opinions and policies on allowing outbound ICMP traffic through a firewall to the Internet - to do or not to do? That is the question.

And why. And if you have any supporting documentation links to your opinion and/or policy.

Thank you,

2 Replies

jgmitter
Level 4

ICMP Message Types to Allow Outbound at the Perimeter Router/Firewall

Message Types

Number  Name
4       source quench
8       echo request (ping)
12      parameter problem

Table 5: ICMP Message Types to Allow Inbound at the Perimeter Router/Firewall

Message Types

Number  Name
0       echo reply
3       destination unreachable
4       source quench
11      time exceeded
12      parameter problem

http://www.sans.org/newlook/resources/NSA_guide.htm

The reason behind limiting ICMP traffic is to 'hide' your hosts as much as possible from a potential hacker. What he/she cannot see, he/she will likely ignore. Security by obscurity!
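
Added example, not part of the reply above or of the guide it links to: a small Python model of the two allow-lists that shows which diagnostic exchanges cross the perimeter in each direction. The type numbers are copied from the tables above; the function names and scenario names are constructed for illustration, and non-ICMP probes (such as UDP traceroute probes) are assumed to be governed by other firewall rules.

```python
# Added example: what the two ICMP allow-lists permit in practice.
# Type numbers come from the tables in the reply; everything else is constructed.

ALLOW_OUT = {4, 8, 12}          # inside -> Internet
ALLOW_IN = {0, 3, 4, 11, 12}    # Internet -> inside


def passes(icmp_type, direction):
    """True if the perimeter filter forwards this ICMP type in this direction."""
    return icmp_type in (ALLOW_OUT if direction == "out" else ALLOW_IN)


def exchange_works(prober, probe, answers):
    """Check a probe/answer exchange against the policy.

    prober  -- "inside" or "outside": which side of the perimeter sends the probe
    probe   -- ICMP type of the probe, or None when the probe is not ICMP
               (assumption: such probes are handled by non-ICMP rules)
    answers -- ICMP types the prober must receive for the tool to be useful
    """
    probe_dir, answer_dir = ("out", "in") if prober == "inside" else ("in", "out")
    if probe is not None and not passes(probe, probe_dir):
        return False
    return all(passes(t, answer_dir) for t in answers)


# Constructed scenarios: (prober side, probe type, answer types needed).
SCENARIOS = {
    "inside host pings Internet host": ("inside", 8, [0]),
    "inside host traces route outward (echo probes)": ("inside", 8, [11, 0]),
    "inside host traces route outward (UDP probes)": ("inside", None, [11, 3]),
    "Internet host pings inside host": ("outside", 8, [0]),
    "Internet host traces route inward (UDP probes)": ("outside", None, [11, 3]),
}


def report():
    """Map each scenario name to True (works) or False (blocked)."""
    return {name: exchange_works(*args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{'works  ' if ok else 'blocked'}  {name}")
```

The asymmetry is the point of the policy: inside hosts keep ping and traceroute toward the Internet, while echo requests from outside are dropped and inside hosts cannot send back the time exceeded or destination unreachable answers that would reveal them.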