Thursday, July 7, 2011

iptables icmp

SkyHi @ Thursday, July 07, 2011
You have the following line in your configuration:
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
However, there are two types of ICMP request that can be considered a small security concern (from enter link description here):
Type  Name                   Reference          
...
13  Timestamp        [RFC792]
...
17  Address Mask Request     [RFC950]
Type 13 is a request for the exact time according to the destination computer. The exact time can be used to exploit some very weak encryption algorithms in some network protocols, allowing an attacker to gain access to privileged information. Type 17 is a request for the netmask of the interface on which the request was received. A valid response can assist an attacker in learning about the topology of your network. In place of the above rule, I recommend the following three rules:
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 13 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
These rules will prevent the two forbidden ICMP types and allow all others.

REFERENCES
http://serverfault.com/questions/287998/is-my-linux-firewall-secure