Home | Community | Message Board


Edabea
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 7 years, 8 months
ICMP blocked by admin - Is there a way I can still use it?
    #2313713 - 02/08/04 07:03 AM (12 years, 9 months ago)

As I said, ICMP is obviousy filtered, as I cant ping/traceroute any host outside our wireless lan.
Do you guys know any way I can still use icmp?
Peace


--------------------
Cuba Libre


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 9 years, 5 months
Re: ICMP blocked by admin - Is there a way I can still use it? [Re: T0aD]
    #2313729 - 02/08/04 07:25 AM (12 years, 9 months ago)

You can get this website to do tracert and stuff for you, but obviously it's from the website, not your machine.


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 2 years, 8 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: T0aD]
    #2314821 - 02/08/04 05:15 PM (12 years, 9 months ago)

i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinebiglo
Shroomery BabySitter
 User Gallery

Folding@home Statistics
Registered: 11/22/02
Posts: 603
Loc: US of A
Last seen: 1 year, 3 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2315325 - 02/08/04 09:07 PM (12 years, 9 months ago)

"i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins"

It's not stupid, it's probably to block outgoing Denial of Service Attacks that flood their network from home users that get infected with a virus and don't know it or know that they're clogging up bandwidth from it.


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 2 years, 8 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2316472 - 02/09/04 02:22 AM (12 years, 9 months ago)

Quote:

biglo said:
"i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins"

It's not stupid, it's probably to block outgoing Denial of Service Attacks that flood their network from home users that get infected with a virus and don't know it or know that they're clogging up bandwidth from it.


outgoing != incoming...

you'd want to block incoming icmp if you want to avoid ping flood attacks...

outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 28 days, 19 hours
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2316792 - 02/09/04 06:13 AM (12 years, 9 months ago)

> outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.

If I have infected users in my LAN, then by blocking outgoing ICMP I limit the damage my users are doing to others. Not pointless. Any good firewall configuration should block all outgoing ICMP that doesn't originate from the firewall proxy.

Here is an extreme example... I am a 'spy' behind a firewall and I want to sneak out secret data. I can format a ping ICMP packet with valid "secret data" and ping a machine outside the firewall. The machine outside replies back, with commands in it's data section. By writing two special "ping servers", one inside and one outside of the firewall, I can initiate data transfer over ICMP using ping.


--------------------
Just another spore in the wind.


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 2 years, 8 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2316833 - 02/09/04 07:00 AM (12 years, 9 months ago)

you're overly paranoid, and you should yank the network cords from the users on your lan with infected hosts =)

you might want to allow some icmp packets through, namely type 3 error messages.. other applications rely on receiving error messages

http://tech.oneeyedcrow.net/icmp-filtering.html has a decent write-up.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 28 days, 19 hours
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2316853 - 02/09/04 07:12 AM (12 years, 9 months ago)

> you're overly paranoid

Comes from my training and background.


--------------------
Just another spore in the wind.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 7 years, 8 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2316870 - 02/09/04 07:24 AM (12 years, 9 months ago)

anyone has solution for me ?


--------------------
Cuba Libre


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 28 days, 19 hours
Re: ICMP blocked by admin - Is there a way I can still use i [Re: T0aD]
    #2318181 - 02/09/04 04:28 PM (12 years, 9 months ago)

> Do you guys know any way I can still use icmp?

Nope, not easily.... make friends with the network admins...  :smile:  (I think I mentioned that before.)


--------------------
Just another spore in the wind.


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinebiglo
Shroomery BabySitter
 User Gallery

Folding@home Statistics
Registered: 11/22/02
Posts: 603
Loc: US of A
Last seen: 1 year, 3 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2336444 - 02/15/04 04:45 AM (12 years, 9 months ago)

> outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.

If I have infected users in my LAN, then by blocking outgoing ICMP I limit the damage my users are doing to others. Not pointless. Any good firewall configuration should block all outgoing ICMP that doesn't originate from the firewall proxy.

Yeah, that's what I meant. It limits the damage you can do to other people/websites from your computer if your computer becomes infected and is clogging up outgoing bandwidth on the network.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 9 years, 5 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2336558 - 02/15/04 06:10 AM (12 years, 9 months ago)

I had a virus on my network once that was sending vast amounts of ICMP traffic outwards. We actually thought at first that some dodgy hardware was to blame, so it can have a serious effect on your own network, regardless of causing problems for other people.


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 2 years, 8 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2337166 - 02/15/04 01:57 PM (12 years, 9 months ago)

-edit-


Edited by riffic (03/11/14 02:17 AM)


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 9 years, 5 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2337398 - 02/15/04 02:57 PM (12 years, 9 months ago)

this is about network admins blocking outgoing ICMP, so that if a user does become infected, it won't cause problems for the whole network  :rolleyes:


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinemntlfngrs
The Art of Casterbation
Male User Gallery

Registered: 07/18/02
Posts: 3,937
Last seen: 1 year, 2 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2364166 - 02/21/04 04:45 PM (12 years, 9 months ago)

I would apply access lists to the routers with exceptions for management stations By blocking all ICMP at the firewall it limits managements ability to troubleshoot in the DMZ.


--------------------
Be all and you'll be to end all


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* can anyone help me with bittorrent on a network admined by someone else? OJK 462 2 04/17/06 07:10 PM
by OJK
* hey network admins.... ricyjo 1,134 9 02/07/04 01:47 PM
by nife
* ssh vs ICMP filtering debianlinux 851 6 04/13/06 12:38 PM
by debianlinux
* Comcast Sued for Blocking P2P Sites DiploidM 786 1 11/16/07 08:21 AM
by Seuss
* linux system security logs, possible break in? network guru needed sherm 784 6 04/14/05 06:54 AM
by MAIA
* Need to become admin tak 523 3 04/03/06 06:09 PM
by tak
* AT&T Slams Google Over Open-access Wireless Network Proposal DiploidM 442 0 07/14/07 11:13 PM
by Diploid
* How can i penetrate password protected Wi Fi network? (ie how can i steal interent from neighbours)
( 1 2 3 all )
Jalruza 18,839 56 02/10/08 05:56 PM
by psilosibling

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, automan
1,146 topic views. 0 members, 6 guests and 5 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
High Mountain Compost
Please support our sponsors.

Copyright 1997-2016 Mind Media. Some rights reserved.

Generated in 0.057 seconds spending 0.006 seconds on 14 queries.