How to limit ICMP on the PIX firewall.

terblac (Level 1)

Good day guys!!

I have a dilemma with regard to limiting ICMP from inside users traversing to other networks such as other DMZs.

I know that in order to let ICMP pass through the interfaces you have to create an ACL such as the one below:

access-list DMZACL permit icmp any any

Users would require this config to ping a server on the DMZ, but this is a security risk.

In order to minimize this, I have created object groups to identify which hosts and networks are allowed to have access to echo-replies.

Still, this is an issue since there are a lot of hosts who do extended pings just to monitor the connectivity of the server and its application.

Do you guys have other ideas?

Such as limiting the echo-replies on the PIX, like letting the first 5 echo requests succeed with 5 echo-replies and dropping the rest.

Could this be done?

Thanks,

Chris

Accepted Solution

Fernando_Meza (Level 7)

Hi .. I don't think you can do this using an ACL on the PIX; however, you might be able to stop ICMP sweeps by enabling the IDS signatures using the ip audit command .. for more information refer to the link below:

Usage Guidelines: Cisco Intrusion Detection System (Cisco IDS) provides the following for IP-based systems:

- Traffic auditing. Application-level signatures will only be audited as part of an active session.
- Applies the audit to an interface.
- Supports different audit policies. Traffic matching a signature triggers a range of configurable actions.
- Disables the signature audit.
- Enables IDS and still disables actions of a signature class (informational, attack).

Auditing is performed by looking at the IP packets as they arrive at an input interface; if a packet triggers a signature and the configured action does not drop the packet, then the same packet can trigger other signatures.

PIX Firewall supports both inbound and outbound auditing.

For a complete list of supported Cisco IDS signatures, their wording, and whether they are attack or informational messages, refer to Cisco PIX Firewall System Log Messages.

Refer to the Cisco Secure Intrusion Detection System Version 2.2.1 User Guide for detailed information on each signature. You can view the "NSDB and Signatures" chapter of this guide at the following website:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids1/csidsug/sigs.htm

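The two measures this thread names, a host- and type-restricted ICMP ACL in place of "permit icmp any any" and an ip audit policy on the inside interface, as an added PIX 6.x configuration example; it is not the poster's configuration and not Cisco's own sample. The addresses, object-group names and ACL names are assumed, and the block does not implement the "first five echo-replies" counting the question asks for, which the answer says an ACL cannot do.

```cisco
! Added example in PIX 6.x syntax, not the poster's running configuration.
! All addresses, object-group names and ACL names below are assumed values.

! Weak setting quoted in the question: every ICMP type, any source, any destination.
access-list DMZACL permit icmp any any

! 1. Name the monitoring hosts and the DMZ servers they are allowed to ping.
object-group network MONITOR_HOSTS
  network-object host 10.1.1.10
  network-object 10.1.2.0 255.255.255.0
object-group network DMZ_SERVERS
  network-object 192.168.10.0 255.255.255.0

! 2. inside -> dmz: only the monitoring hosts may send echo to the DMZ servers.
!    Other ICMP is denied before the general permit; each denied packet shows
!    up in syslog as a 106023 "Deny ... by access-group" message.
access-list INSIDE_IN permit icmp object-group MONITOR_HOSTS object-group DMZ_SERVERS echo
access-list INSIDE_IN deny icmp any any
access-list INSIDE_IN permit ip any any
access-group INSIDE_IN in interface inside

! 3. dmz -> inside: PIX 6.x keeps no ICMP state, so the echo-replies must be
!    permitted explicitly on the return path, and only back to the monitoring
!    hosts. Replace the "any any" entry instead of adding to it.
no access-list DMZACL permit icmp any any
access-list DMZACL permit icmp object-group DMZ_SERVERS object-group MONITOR_HOSTS echo-reply
access-list DMZACL deny icmp any any
access-group DMZACL in interface dmz

! 4. The answer's suggestion: audit attack-class signatures on the inside
!    interface, alarm to syslog and drop the triggering packet. The ICMP sweep
!    signatures are in the attack class; confirm the exact signature numbers
!    against the PIX System Log Messages list the answer refers to.
ip audit name INSIDE_AUDIT attack action alarm drop
ip audit interface inside INSIDE_AUDIT
```

Verify with "show access-list INSIDE_IN" and "show access-list DMZACL" that the hit counts on the echo and echo-reply entries rise only for the monitoring hosts, and watch the 106023 and 400xxx syslog messages for anything else that still tries.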
