TUCoPS :: Security App Flaws :: blakice2.htm

BlackICE will not block ICMP traffic
Vulnerability

    BlackICE

Affected

    BlackICE

Description


    BlackICE is the popular home IDS/firewall product by NetworkICE -
    it cannot be configured to block ICMP.  This is in contrast to
    TCP and UDP traffic that is governed by rules in the firewall.ini
    file.

    Note  -  Configuring  it  to  block  a specific IP will block ICMP
    traffic as well.

Solution

    You cannot  block all  ICMP traffic.   Ping is  only one  type  of
    service sent over ICMP.  A list of the services supported by  ICMP
    are:

        Echo Reply (Ping)
        Destination Unreachable
        Source Quench
        Redirect (change a route)
        Echo Request (Ping)
        Time Exceeded for a Datagram
        Parameter Problem on a Datagram
        Timestamp Request
        Timestamp Reply
        Information Request
        Information Reply
        Address Mask Request
        Address Mask ReplyYou cannot block all
        ICMP traffic.  Ping is only one type of service sent over ICMP.

    A list of the services supported by ICMP are:

        Echo Reply (Ping)
        Destination Unreachable
        Source Quench
        Redirect (change a route)
        Echo Request (Ping)
        Time Exceeded for a Datagram
        Parameter Problem on a Datagram
        Timestamp Request
        Timestamp Reply
        Information Request
        Information Reply
        Address Mask Request
        Address Mask Reply

    BlackICE  Agent  ver2.5  will  have  the  capability  that you are
    looking for.  Expected release is Q42000.  BlackICE Agent is  part
    of the Enterprise ICEpac Suite.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH