ICMP and ipfw

Reply: Michael Sierchio : "Re: ICMP and ipfw"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: LuMiWa <lumiwa_at_dismail.de>
Date: Sun, 13 Mar 2022 13:06:08 UTC

Hi!

I changed some settings in ipfw.rules:
# ICMP
$cmd 02300 deny log icmp from any to any icmptypes 8
$cmd 02350 deny log icmp from any to any icmptypes 0
$cmd 02400 allow ipv6-icmp from any to any icmp6types 128,129
$cmd 02500 allow icmp from any to any icmptypes 3,4,11
$cmd 02600 allow ipv6-icmp from any to any icmp6types 3

Than I tested on www.grc.com and I failed on Ping reply:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP
Echo) requests, making it visible on the Internet. Most personal
firewalls can be configured to block, drop, and ignore such ping
requests in order to better hide systems from hackers. This is highly
recommended since "Ping" is among the oldest and most common methods
used to locate systems prior to further exploitation.

I tried also icmptypes 8,0 and 0,0 but the same result.

Thank you.

-- 
“Life is really simple, but we insist on making it complicated.”

--Confucius