Sunday, September 26, 2021

How do you protect against ICMP tunneling?

ICMP tunneling can be detected if you have deployed a packet capture solution or Zeek (Bro). But how do you protect, say, a user subnet against it? You could disable ICMP altogether or limit it to certain ICMP types, but totally disabling ICMP would result in operational inefficiencies. Do NGFWs (such as PAN, Cisco, etc.) protect against it by default, or do you need to enable something in the vulnerability profile?
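As an added illustration of the detection side mentioned above (not code from this post or from Zeek), the Python sketch below applies two common heuristics to ICMP echo traffic already extracted from a packet capture: payloads larger than an ordinary ping, and echo replies whose data does not match the request. The function names, the `(src, dst, raw_icmp)` input shape and the 64-byte threshold are assumptions chosen for the example.

```python
import struct
ECHO_REPLY, ECHO_REQUEST = 0, 8
MAX_PAYLOAD = 64  # assumed threshold; tune to the ping payload sizes seen on your network

def parse_icmp(raw):
    """Return (type, ident, seq, payload) from bytes starting at the ICMP header."""
    if len(raw) < 8:
        raise ValueError("truncated ICMP header")
    typ, _code, _cksum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return typ, ident, seq, raw[8:]

def find_suspects(messages):
    """messages: iterable of (src, dst, raw_icmp); returns [(src, dst, seq, reason)]."""
    pending, alerts = {}, []  # pending: (requester, responder, ident, seq) -> payload
    for src, dst, raw in messages:
        try:
            typ, ident, seq, payload = parse_icmp(raw)
        except ValueError:
            alerts.append((src, dst, None, "truncated"))
            continue
        if typ not in (ECHO_REQUEST, ECHO_REPLY):
            continue  # other ICMP types are a filtering-policy question, not checked here
        if len(payload) > MAX_PAYLOAD:
            alerts.append((src, dst, seq, "oversized-payload"))
        if typ == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
            continue
        sent = pending.pop((dst, src, ident, seq), None)
        if sent is None:
            alerts.append((src, dst, seq, "unsolicited-reply"))
        elif sent != payload:  # RFC 792: a reply must return the request's data unchanged
            alerts.append((src, dst, seq, "reply-payload-mismatch"))
    return alerts

def echo(typ, ident, seq, payload):
    """Build a constructed echo message (checksum left 0; it is not validated above)."""
    return struct.pack("!BBHHH", typ, 0, 0, ident, seq) + payload

# Constructed sample traffic using documentation addresses, not a real capture.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", echo(ECHO_REQUEST, 1, 1, b"a" * 56)),
    ("198.51.100.5", "192.0.2.10", echo(ECHO_REPLY, 1, 1, b"a" * 56)),
    ("192.0.2.10", "198.51.100.5", echo(ECHO_REQUEST, 1, 2, b"x" * 32)),
    ("198.51.100.5", "192.0.2.10", echo(ECHO_REPLY, 1, 2, b"y" * 32)),
    ("192.0.2.10", "198.51.100.5", echo(ECHO_REQUEST, 1, 3, b"z" * 400)),
]

if __name__ == "__main__":
    print(*find_suspects(SAMPLE), sep="\n")
```

Both heuristics produce false positives (path MTU probes and some monitoring tools send large echoes), so the alerts are leads for review rather than verdicts.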


