[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] ICMP Type 3 packets getting through Rule 0
My list of icmp codes says icmp type 3 code 13 means:
"Communication Administratively Prohibited by Filtering"
Never seen one of them, myself.
Neil
At 12:06 04/23/99 -0700, Whittier, Doug wrote:
>
>Greetings:
>
>I am running FW-1 4.0.
>
>Since pretty much day one, the log has shown that certain ICMP packets
>are being intercepted and dropped.
>
>The log shows that these packets are 'icmp-type 3 icmp-code 3' and
>'icmp-type 3 icmp-code 13'
>
>Our policy properties has ICMP disabled, so I would expect these packets
>to be stopped by Rule 0 (the policy properties).
>
>However, they are being stopped by rule 4, which is our 'nothing touches
>the firewall object' rule. Presumably, then, these are not your standard
>ICMP packets.
>
>I looked on Phoneboy and found a list of ICMP codes. That's fine for the
>sake of definition, but it doesn't list the type 13 packet.
>
>I'd considered defining a new service for these packets based on port
>number (assuming that would be reasonable), but the log does not show
>the port number in the S_Port column.
>
>Does anyone have a bit more info as to what these packets are about and
>how I might better deal with them? Also, maybe they're nothing to worry
>about - I'm just concerned that they are getting through my Rule 0, so
>there must be something a little unusual about them.
>
>
>Cheers,
>
>Doug Whittier
>Legislative Assembly Computer Systems
>(250) 356-2280
>doug.whittier@leg.bc.ca
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================