Free hard drive encryption - Download a trial of SafeGuard Easy
Sophos Client Firewall: security implications of configuring ICMP
The ICMP tabbed page in the Firewall Policy editor in Enterprise Console, and the Sophos Client Firewall Configuration Editor on the local computer, is used by the Sophos Client Firewall to define permissions for incoming and outgoing ICMP traffic. A knowledgebase article lists the default settings for this page (among others).
A separate knowledgebase article outlines the security implications of configuration options for the Sophos Client Firewall.
ICMP tabbed page
ICMP traffic for incoming and outgoing communications is enabled separately.
- Echo Reply
Used to reply to echo requests (pings). Enabling Echo Reply could make your computer vulnerable to smurf attacks. - Destination Unreachable
Enabling this option could make your computer vulnerable to a destination unreachable attack. - Source Quench
To manage overload, source quench messages request that the amount of information sent to the message originator is reduced. Enabling Source Quench could make your computer vulnerable to man in the middle attacks and Denial of Service (DoS) attacks. - Redirect
Redirection can be used to change the routing tables on routers and computers in order to facilitate a DoS attack. - Echo Request
Used to ascertain if a networked computer is active (e.g. ping). Enabling Echo Request could make your computer vulnerable to smurf attacks. - Router Advertisement
Router advertisement messages are sent in response to router solicitation messages, or to broadcast the presence of the router. Spoofed router advertisement messages can be used to change routing tables within routers so as to facilitate man in the middle and DoS attacks. - Router Solicitation
Router solicitation messages are sent to locate routers within a network as a form of network scanning. Malicious users can use router solicitation to search for computers to attack.
The following options have no current security vulnerability associated with them:
- Time Exceeded for a Datagram
- Parameter Problem for a Datagram
- Timestamp Request
- Timestamp Reply
- Information Request
- Information Reply
- Address Mask Request
- Address Mask Reply
Other Sophos Client Firewall pages
Further knowledgebase articles describe the security implications of changing other options:
If you need more information or guidance, then please contact technical support.
- Article ID: 14200
- Created: 16 Dec 2005
- Last updated: 17 Oct 2008
Free hard drive encryption
- Protect sensitive data from unauthorized use
- Encrypt data, hard drives and removable media
- Work uninterrupted with encryption on demand
