Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Myyco.com Shop: Golden Teacher Liquid Culture For Sale

Jump to first unread post Pages: 1
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 15 years, 17 days
ICMP blocked by admin - Is there a way I can still use it?
    #2313713 - 02/08/04 05:03 AM (20 years, 1 month ago)

As I said, ICMP is obviousy filtered, as I cant ping/traceroute any host outside our wireless lan.
Do you guys know any way I can still use icmp?
Peace


--------------------
Cuba Libre

Extras: Filter Print Post Top
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 16 years, 9 months
Re: ICMP blocked by admin - Is there a way I can still use it? [Re: T0aD]
    #2313729 - 02/08/04 05:25 AM (20 years, 1 month ago)

You can get this website to do tracert and stuff for you, but obviously it's from the website, not your machine.


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 20 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: T0aD]
    #2314821 - 02/08/04 03:15 PM (20 years, 1 month ago)

i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins

Extras: Filter Print Post Top
Offlinebiglo
Shroomery BabySitter
 User Gallery

Folding@home Statistics
Registered: 11/22/02
Posts: 603
Loc: US of A
Last seen: 8 years, 7 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2315325 - 02/08/04 07:07 PM (20 years, 1 month ago)

"i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins"

It's not stupid, it's probably to block outgoing Denial of Service Attacks that flood their network from home users that get infected with a virus and don't know it or know that they're clogging up bandwidth from it.

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 20 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2316472 - 02/09/04 12:22 AM (20 years, 1 month ago)

Quote:

biglo said:
"i dont understand why an admin would block outgoing ICMP.. it really doesn't pose a security risk as far as I know.. silly admins"

It's not stupid, it's probably to block outgoing Denial of Service Attacks that flood their network from home users that get infected with a virus and don't know it or know that they're clogging up bandwidth from it.


outgoing != incoming...

you'd want to block incoming icmp if you want to avoid ping flood attacks...

outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2316792 - 02/09/04 04:13 AM (20 years, 1 month ago)

> outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.

If I have infected users in my LAN, then by blocking outgoing ICMP I limit the damage my users are doing to others. Not pointless. Any good firewall configuration should block all outgoing ICMP that doesn't originate from the firewall proxy.

Here is an extreme example... I am a 'spy' behind a firewall and I want to sneak out secret data. I can format a ping ICMP packet with valid "secret data" and ping a machine outside the firewall. The machine outside replies back, with commands in it's data section. By writing two special "ping servers", one inside and one outside of the firewall, I can initiate data transfer over ICMP using ping.


--------------------
Just another spore in the wind.

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 20 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2316833 - 02/09/04 05:00 AM (20 years, 1 month ago)

you're overly paranoid, and you should yank the network cords from the users on your lan with infected hosts =)

you might want to allow some icmp packets through, namely type 3 error messages.. other applications rely on receiving error messages

http://tech.oneeyedcrow.net/icmp-filtering.html has a decent write-up.

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2316853 - 02/09/04 05:12 AM (20 years, 1 month ago)

> you're overly paranoid

Comes from my training and background.


--------------------
Just another spore in the wind.

Extras: Filter Print Post Top
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 15 years, 17 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2316870 - 02/09/04 05:24 AM (20 years, 1 month ago)

anyone has solution for me ?


--------------------
Cuba Libre

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: T0aD]
    #2318181 - 02/09/04 02:28 PM (20 years, 1 month ago)

> Do you guys know any way I can still use icmp?

Nope, not easily.... make friends with the network admins...  :smile:  (I think I mentioned that before.)


--------------------
Just another spore in the wind.

Extras: Filter Print Post Top
Offlinebiglo
Shroomery BabySitter
 User Gallery

Folding@home Statistics
Registered: 11/22/02
Posts: 603
Loc: US of A
Last seen: 8 years, 7 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2336444 - 02/15/04 02:45 AM (20 years, 1 month ago)

> outgoing ICMP is a valuable diagnostic tool and blocking it is pointless.

If I have infected users in my LAN, then by blocking outgoing ICMP I limit the damage my users are doing to others. Not pointless. Any good firewall configuration should block all outgoing ICMP that doesn't originate from the firewall proxy.

Yeah, that's what I meant. It limits the damage you can do to other people/websites from your computer if your computer becomes infected and is clogging up outgoing bandwidth on the network.

Extras: Filter Print Post Top
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 16 years, 9 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2336558 - 02/15/04 04:10 AM (20 years, 1 month ago)

I had a virus on my network once that was sending vast amounts of ICMP traffic outwards. We actually thought at first that some dodgy hardware was to blame, so it can have a serious effect on your own network, regardless of causing problems for other people.


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG

Extras: Filter Print Post Top
Offlineriffic
Male
Registered: 09/12/02
Posts: 99
Last seen: 10 years, 20 days
Re: ICMP blocked by admin - Is there a way I can still use i [Re: biglo]
    #2337166 - 02/15/04 11:57 AM (20 years, 1 month ago)

-edit-

Edited by riffic (03/11/14 12:17 AM)

Extras: Filter Print Post Top
OfflineMetaShroom
菌类
 User Gallery

Registered: 06/02/02
Posts: 1,462
Loc: East Anglia UK
Last seen: 16 years, 9 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: riffic]
    #2337398 - 02/15/04 12:57 PM (20 years, 1 month ago)

this is about network admins blocking outgoing ICMP, so that if a user does become infected, it won't cause problems for the whole network  :rolleyes:


--------------------
:sleepingcow:  :penguinmonkey: :blah:

JOIN MAPS -> www.MAPS.ORG

Extras: Filter Print Post Top
Offlinemntlfngrs
The Art of Casterbation
Male User Gallery

Registered: 07/18/02
Posts: 3,937
Last seen: 5 years, 6 months
Re: ICMP blocked by admin - Is there a way I can still use i [Re: Seuss]
    #2364166 - 02/21/04 02:45 PM (20 years, 1 month ago)

I would apply access lists to the routers with exceptions for management stations By blocking all ICMP at the firewall it limits managements ability to troubleshoot in the DMZ.


--------------------
Be all and you'll be to end all

Extras: Filter Print Post Top
Jump to top Pages: 1

Myyco.com Shop: Golden Teacher Liquid Culture For Sale


Similar ThreadsPosterViewsRepliesLast post
* hey network admins.... ricyjo 1,537 9 02/07/04 11:47 AM
by nife
* ssh vs ICMP filtering debianlinux 1,107 6 04/13/06 10:38 AM
by debianlinux
* Internet Blocked Out...HELP Papa_Bear 983 5 01/21/03 02:32 AM
by Tomi
* can anyone help me with bittorrent on a network admined by someone else? OJK 570 2 04/17/06 05:10 PM
by OJK
* Circumcision Helps Prevent HIV Infection DiploidM 2,193 13 08/11/13 08:08 PM
by ChuangTzu
* Is my ISP blocking the shroomery? z@z.com 1,134 5 02/19/03 06:20 PM
by ISH
* Need to become admin tak 632 3 04/03/06 04:09 PM
by tak
* Comcast Sued for Blocking P2P Sites DiploidM 965 1 11/16/07 06:21 AM
by Seuss

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
1,472 topic views. 0 members, 0 guests and 4 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.021 seconds spending 0.004 seconds on 12 queries.