Firewalk Defenses
• Configure firewall to pass a minimum set of ports
• Accept the fact that an attacker can determine your firewall rules
• Filter out ICMP Time Exceeded messages leaving your network
  – Side effect of crippling traceroute
• Replace traditional and stateful packet filters with proxy-based firewalls
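
The egress filter named above (drop ICMP Time Exceeded leaving the network), modelled as a packet-level decision on raw IPv4 bytes. This is an added example, not part of the original slides; the internal range 192.0.2.0/24 and the names `egress_verdict` and `build_icmp` are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumption for this example: the protected network is 192.0.2.0/24.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
ICMP_PROTO = 1
ICMP_TIME_EXCEEDED = 11  # ICMP type that traceroute depends on


def egress_verdict(packet: bytes) -> str:
    """Return 'drop' for ICMP Time Exceeded leaving INTERNAL_NET, else 'pass'.
    Malformed or truncated IPv4 packets are dropped (fail closed)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    leaving = src in INTERNAL_NET and dst not in INTERNAL_NET
    if packet[9] != ICMP_PROTO or not leaving:
        return "pass"  # this rule only concerns outbound ICMP
    if len(packet) < ihl + 1:  # ICMP type byte missing
        return "drop"
    return "drop" if packet[ihl] == ICMP_TIME_EXCEEDED else "pass"


def build_icmp(src: str, dst: str, icmp_type: int, options: bytes = b"") -> bytes:
    """Constructed sample packet: IPv4 header (checksum left 0) + 8-byte ICMP header."""
    words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | words, 0, words * 4 + 8,
                         0, 0, 64, ICMP_PROTO, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + options + struct.pack("!BBHI", icmp_type, 0, 0, 0)


if __name__ == "__main__":
    samples = {  # constructed packets, not captured traffic
        "outbound time-exceeded": build_icmp("192.0.2.1", "198.51.100.7", 11),
        "inbound time-exceeded": build_icmp("198.51.100.7", "192.0.2.10", 11),
        "outbound echo-reply": build_icmp("192.0.2.10", "198.51.100.7", 0),
    }
    for name, pkt in samples.items():
        print(f"{name}: {egress_verdict(pkt)}")
```

In this model only the outbound direction is filtered, so Time Exceeded replies arriving from outside still pass; the traceroute side effect applies to traces run from outside toward hosts behind the filter.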