[FW1] ICMP Type 3 packets getting through Rule 0

["Whittier, Doug" <Doug.Whittier@leg.bc.ca>]

Greetings:

I am running FW-1 4.0.

Since pretty much day one, the log has shown that certain ICMP packets
are being intercepted and dropped.

The log shows that these packets are 'icmp-type 3 icmp-code 3' and
'icmp-type 3 icmp-code 13'

Our policy properties has ICMP disabled, so I would expect these packets
to be stopped by Rule 0 (the policy properties).

However, they are being stopped by rule 4, which is our 'nothing touches
the firewall object' rule. Presumably, then, these are not your standard
ICMP packets.

I looked on Phoneboy and found a list of ICMP codes. That's fine for the
sake of definition, but it doesn't list the type 13 packet.

I'd considered defining a new service for these packets based on port
number (assuming that would be reasonable), but the log does not show
the port number in the S_Port column.

Does anyone have a bit more info as to what these packets are about and
how I might better deal with them? Also, maybe they're nothing to worry
about - I'm just concerned that they are getting through my Rule 0, so
there must be something a little unusual about them.


Cheers,

Doug Whittier
Legislative Assembly Computer Systems
(250) 356-2280
doug.whittier@leg.bc.ca



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================