Re: (PM) filtering ICMP

Jake Messinger (jake@ams.com)
Tue, 18 Nov 1997 12:26:11 -0600 (CST)

On Tue, 18 Nov 1997, Jorg B. wrote:

> I'm thinking of blocking ICMP (ping) requests, in my router, from the
> internet...
> What port should I block ? I did some research but didn't find what I was
> looking for.

We do this on our Max box and we also block traceroutes. There is this
nasty bug (more like a technique) where you icmp flood the broadcast
address and it makes your network unhappy.

<hacker talk>
First, you want to make sure you are filtering inbound packets that didn't
come from your local network(s). Then you want to make sure that you are
filtering outbound traffic that has source ip numbers that are not in your
networks or your downstream networks, in case you have a hacker as a
customer.

Then for example to stop ICMP echo packetoids, do something like:

set filter f.in deny <from destination address> 0.0.0.0/0 icmp type 8

To stop ALL the ICMP packet types leave off the type 8. But I don't
know if you want to deny ALL incoming ICMP as that might upset some users.

~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Jake Messinger 713-772-6690 jake@ams.com
Advanced Medical Systems, Inc. jake@uh.edu
8300 Bissonnet #400 fax: 713-774-3498
Houston, Texas 77074 http://www.ams.com/~jake
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
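The filter policy Jake describes (drop inbound packets claiming one of your own source addresses, drop outbound packets whose source is not yours, and drop inbound ICMP echo requests, optionally all inbound ICMP), written out as a small Python packet classifier so the rule order and its effect can be checked. This is an added example, not PortMaster code or anything from the list; the address ranges and the `Packet` record are constructed for illustration, and the directed-broadcast check is an added defensive refinement for the broadcast-flood case the post mentions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example address space; substitute the networks the router actually serves.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
DOWNSTREAM_NETS = [ipaddress.ip_network("198.51.100.0/24")]
OUR_NETS = LOCAL_NETS + DOWNSTREAM_NETS
ICMP_ECHO_REQUEST = 8  # ICMP type 8, the "type 8" in the filter line from the post


@dataclass
class Packet:
    direction: str            # "in" = arriving from the Internet, "out" = leaving towards it
    src: str
    dst: str
    proto: str                # "icmp", "tcp" or "udp"
    icmp_type: Optional[int] = None


def in_nets(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in net for net in nets)


def is_local_broadcast(addr: ipaddress.IPv4Address) -> bool:
    # Directed-broadcast address of one of our networks, the target of a broadcast ICMP flood
    return any(addr == net.broadcast_address for net in OUR_NETS)


def filter_packet(pkt: Packet, deny_all_icmp: bool = False) -> tuple:
    """Return (verdict, reason) for one packet, applying the checks in the post's order."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if pkt.direction == "in":
        # Inbound anti-spoofing: a packet from the Internet must not carry our own source.
        if in_nets(src, OUR_NETS):
            return ("deny", "inbound packet spoofs one of our own source addresses")
        if pkt.proto == "icmp":
            if is_local_broadcast(dst):
                return ("deny", "icmp to a directed-broadcast address")
            # Leaving off the type check corresponds to "deny ALL incoming ICMP".
            if deny_all_icmp or pkt.icmp_type == ICMP_ECHO_REQUEST:
                return ("deny", "icmp echo request from the Internet")
    else:
        # Egress anti-spoofing: what we send out must come from our own or downstream nets.
        if not in_nets(src, OUR_NETS):
            return ("deny", "outbound packet with a source address that is not ours")
    return ("permit", "no filter matched")
```

Echo replies (type 0) still pass with the default setting, which is the "upset some users" trade-off the post raises: only the all-ICMP variant blocks them.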