Web Application Security Forum - Networking

Content length without actually reading content (no replies)

firestorm — Thu, 28 Feb 2013 08:38:01 -0600

I noticed that when I make request using gzip encoding the server response has content-length set for me, so I get to know the size without actually having the need to read entire response. Is there any other encoding type for which the server sets content-length in response header ?

Thanks!

snmp fun (1 reply)

Anarchy Angel — Thu, 12 Jul 2012 10:37:21 -0500

so i been on a snmp kick and found a handful of modems and routers that have the rw string set to private. walks and stuff are fine, but has anyone had any luck forwarding ports or turning a modem into a proxy via snmp? i have looked all over google about it but either no one has ever attempted or it cant be done. thoughts?

Knowing IP Any Use? (1 reply)

idisappear — Mon, 18 Jun 2012 19:07:52 -0500

Suppose that my aunt is running Windows 7 and with permission, she wants me to access her hard drive through the internet and copy a file on her desktop. In this theoretical example, she is not a host or running server software of any kind. She is not running a browser, IM client, IRC client, or anything like that, but she is definitely connected to the internet. This example assumes I am not in a proximity where I can do any packet sniffing. Lastly, assume she has disabled all remote desktop software. Knowing her IP address, is it realistic to access her hard drive? Can I connect to her with a command prompt and access her files using telnet/DOS or anything like that? How would I go about connecting to get a command prompt and guess a password?

Network IP scanner in .php (no replies)

thejack — Thu, 21 Jul 2011 16:45:29 -0500

hai all...
can someone show me network scanner in .php ??
thats can be scan for opened port listing

thanks for your help.

bypass limitation/blocking on http proxies? (2 replies)

InjEctOr — Sun, 03 Jul 2011 10:46:17 -0500

Hi there,

Recently My ISP provider blocked any kind of http proxies can be used in browsers. When I put my proxy settings in my browser, it keeps loading with no response. I've squid proxy running on my own server and worked fine before that modification.
I tried to do traceroute and found interesting thing "4th line" which may indicate that there is a device that receives and filter packets I think:

Quote:
traceroute to google.com (209.85.148.103), 30 hops max, 60 byte packets
1 * * *
2 72.17.0.xxx (72.17.0.xxx) 166.481 ms * 194.361 ms
3 72.17.0.xxx (72.17.0.xxx) 194.291 ms 214.242 ms 234.189 ms
4 10.0.5.2 (10.0.5.2) 274.135 ms 326.137 ms 159.830 ms
5 72.17.1.1 (72.17.1.1) 167.689 ms 179.645 ms 179.582 ms
6 182.37.192.194 (182.37.192.194) 220.266 ms 220.195 ms 199.930 ms
7 182.37.192.206 (182.37.192.206) 219.673 ms 231.821 ms 231.796 ms
8 pos2-0.cr01.ldn01.pccwbtn.net (63.218.54.85) 271.785 ms 267.755 ms 267.659 ms
9 TenGE11-2.br02.ldn01.pccwbtn.net (63.218.12.146) 271.760 ms 279.780 ms 291.626 ms
10 195.66.226.125 (195.66.226.125) 286.950 ms 195.66.224.125 (195.66.224.125) 298.889 ms 195.66.226.125 (195.66.226.125) 291.695 ms
11 64.233.175.27 (64.233.175.27) 291.805 ms 209.85.255.175 (209.85.255.175) 267.771 ms 64.233.175.27 (64.233.175.27) 287.788 ms
12 72.14.233.63 (72.14.233.63) 219.817 ms 199.754 ms 231.653 ms
13 209.85.248.183 (209.85.248.183) 227.846 ms 219.801 ms 235.821 ms
14 209.85.254.41 (209.85.254.41) 219.544 ms 209.85.254.57 (209.85.254.57) 227.707 ms 209.85.254.41 (209.85.254.41) 407.638 ms
15 fra07s07-in-f103.1e100.net (209.85.148.103) 379.794 ms 411.762 ms 371.844 ms

Now the questions:
- How they succeeded in denying http proxies?
- Is the ip address at the 4th line above means that ISP put us in vpn network so prevents using proxies, or that's a device as I've mentioned?
- Is it possible to bypass that?, something like encrypt my request using such middle software which can act as following:
client ==HTTP request==> Middle software (client side) ==encrypted request==> Squid proxy ==Original HTTP request==> Target
or any other trick?

Any suggestions to bypass this limitation will be welcome,

Thanks in advance.

inject0r,

Fake my network IP (1 reply)

thejack — Wed, 29 Jun 2011 16:21:44 -0500

here i got bored to thingking..
Hi all..
i have ip dhcp from the server my ISP.
IP : 20.200.200.201
subnet : 255.255.255.255
gateway: 20.200.200.201

and my isp network server was : 20.0.0.2

I want to run some application & just allow from 20.0.0.1-100
how can i change my ip or got access the application (phpmyadmin)

reverse connection with nat/router (2 replies)

xseni — Tue, 21 Jun 2011 14:05:53 -0500

Hello everyone ! :)
I have a huge problem. I want to set a reverse connection from internet but my ISP use router (or nat i don't know exactly).
I know that it's possible to reverse connection by configuring router and set a port forwarding , but the problem is that , my isp is my university , i'm just a little student , so it's difficult for them to let me do something with "their" network, by using their router.
Is there a possibility to anyway accomplish a reverse connection ? I just want to make a kind of little server, and allow other people to connect to my computer trhough ssh too.
Thanks a lot for helping

A detail : before i have a connection , i have to connect to my university's vpn. So i use the ppp0 interface for connection (i saw it by using netstat).

Tampering with websockets (13 replies)

holiman — Wed, 12 Jan 2011 11:15:57 -0600

I have been experimenting a bit with websockets, mostly to intercept and tamper with websocket traffic. In order to do so, I am using Jetty and the default chat-application which is bundled in the release ( > 7.0). I use google chrome as a browser.

Anyway, I am testing approaches to, on the client side, tamper with data
a) before it is sent to the server and
b) when it is received, before it is handled by the application javascript.

The case a) can be fixed in a pretty general manner by overriding the send-method in WebSocket prototype, by executing the following in the browser:
window.WebSocket.prototype.oldSend = window.WebSocket.prototype.send;
window.WebSocket.prototype.send=function(data){
var toSend = prompt("Sending data",data);
this.oldSend(toSend);
}

However, I have not found any generic approach to intercept messages as they are received, since onmessage is not defined in the prototype but (in the case of jetty) is monkey-patched to the actual websocket-object post creation.
So, I have only made a jetty-chat-specific interception which looks like this:

room._ws.old_onmessage=room._ws.onmessage;
room._ws.onmessage=function(message){
var data = prompt("Receiving data",message.data);
room._ws.old_onmessage({data:data});
}

I have also tried using eventhandling to capture the message event, but had the same problem there : I haven't been able to add eventhandlers to the WebSocket prototype object, only to the actual instance (and my events are handled *after* onmessage is called) :
function handler(message)
{
var data = prompt("Receiving data",message.data);
}

window.room._ws.addEventListener('message',handler,true);

Interception of websocket traffic seems to be a bit of a black hole, or maybe I am just a very unskilled googler. Any ideas on this subject?

Fake SRV record (1 reply)

p0deje — Thu, 13 Jan 2011 20:59:25 -0600

It's good to see forum up again!

I have a pretty simple question. I want to connect to the remote server's SMTP (Exim), but it won't authorize me as long as my domain name is not listed in /etc/localdomains.

Is it possible to fake domain name I send, so it would match the one listed in localdomains. I suppose it can be done with proxies but not sure how exactly do this.

Information Security Conference (no replies)

james12 — Thu, 19 Aug 2010 00:31:51 -0500

Hacker Halted Conference-2010

Hacker Halted USA is a complete and comprehensive information security conference, with information security experts from all around the world presenting intriguing topics and discussing global security threats, as well as world class trainers leading top notch security training classes @ Hacker Halted | Academy. This is going to be a significant event for the information security community as it will cover a wide variety of agenda that is international in nature, and addresses current critical issues.

Hacker Halted aspires to be a complete and comprehensive conference cum workshop that will educate and equip its participants with the in-depth knowledge of understanding the vulnerabilities and the countermeasures to overcome the security infringements present today. The Hacker Halted series is aimed at providing the opportunity to CEOs, COOs, CIOs, CFOs, Senior IT Professionals and all other decision makers to assess the best practices in acquiring, implementing, managing and measuring information security.The event covers in-depth topics into various security issues plaguing the world. In addition to highlighting current digital security threat, renowned speakers and industry experts will also discuss the various means of protection and countermeasures in dealing with the digital threats.

EC-Council
LIVE CLASSES
So you are ready to be certified. Congratulations.
To be the best, you need to be trained by the best. EC-Council is proud to bring you Master Trainers who will listen, guide, coach and impart their knowledge to you from Oct 9 - 12, 2010 in Miami.

The three EC-Council Live Classes available for your choice are:

1. Certified Ethical Hacker (CEH)
http://www.hackerhalted.com/2010/Academy/LiveClass/CEH/tabid/253/Default.aspx

2. Computer Hacking Forensic Investigator (CHFI)
http://www.hackerhalted.com/2010/Academy/LiveClass/CHFI/tabid/254/Default.aspx

3. EC-Council Certified Security Analyst (ECSA)
http://www.hackerhalted.com/2010/Academy/LiveClass/ECSA/tabid/255/Default.aspx

CEH needs no introduction. To say it is the hottest commodity in the Information Security circle would be an understatement. As a security professional, CEH is a must in your arsenal, allowing you to entrench your application knowledge and building upon it to safeguard your network infrastructure.

Mention computer forensics, and most people would focus on the 'forensics' part. A post-mortem. A reaction. Lest we forget, knowing how something happens is important to ensure it or something similar does not happen again in the future: We learn from our mistake. The CHFI class promises to empower you with the skills and tools you need to run that trace and build a solid case for prosecution. But most important of all, CHFI gives you the ability to improve your system and stop the next intrusion/abuse from the onset.

ECSA works hand in hand with CEH by going into the analytical phase of ethical hacking. ECSA is a logical progression from CEH by giving you the skills to analyze the outcome from these tools and technologies. ECSA will assist you in conducting intensive assessments required to create a robust risk management system through groundbreaking penetration testing methods and techniques.

For more information visit this site: http://www.hackerhalted.com

Newbie - Two-Factor auth and virtual private network (no replies)

offtheboxuser — Wed, 11 Nov 2009 10:48:13 -0600

Hi.I'm setting up a pptp vpn (remote user at home dials up to my vpn server at work).We chose to deploy it with Microsoft RRAS.
Now we are being asked to add extra protection so users have to install a certificate in order to authenticate.I did my reading and i found this is done by adding EAP support to my PPTP vpn.
However adding EAP support means that authentication will only require a certificate installed at user location and therefore it won't require user/password authentication anymore.
Does anyone know of how to get user/password authentication and certificate authentication when accesing a pptp vpn?
Is there any other solution for this two-factor authentication using microsoft windows or linux?

thank you

Ssh chain tunneling (2 replies)

netpumber — Fri, 30 Jul 2010 04:38:56 -0500

Halo!!

Lets say i have ssh access into 3 servers (A, B, C).

I am the PC. Now how i can do a connection like this :

PC --> A --> B --> C through ssh connection?

So i can browse to the internet with the server's C ip.

Thanks..!

Alisse (no replies)

d4rw1n — Tue, 14 Jul 2009 08:24:32 -0500

Hello people,

I really didn't know where to put this post. I hope networking is the most appropriate.

Anyways, during a pentest, I found port 9025 open and when I connected with nc I got the following reply:

http://pastebin.ca/1494670

Do you think this is a web service listener or something like that?

I am open to ideas!

Wired Linksys Router (5 replies)

hoosiercub — Sun, 14 Feb 2010 18:11:45 -0600

I am a WISP subscriber, and Im fairly sure they're limiting my bandwidth capabilities.. and won't respond to my questions and emails about it. Its like my entire network is capped out at around 100kbps actual DL speed.. and a retardedly slow upload speed. Like 31kbps.. I have the best line of sight to the antenna possible I think.. Ive heard others with better speeds than I in worse off situations and the same service. So my question is.. when i access the router used by the WISP service 192.168.1.1.. its a Linksys wired router.. not sure exactly what model, but nothing fancy.. I get the standard credentials form.. and its not the default password/username.. and I was wondering if there was any way I could hack into that to check the settings on the router to see if they're limiting my connection somehow.

I realize how immoral it is lol.. but dammit when my lil bro is on live or watching youtube, and it slows my shit down.. for $40 a month.. I'm getting raped. And no, there are no other options than satellite.. and from my POV.. Satellite ISPs are a joke w/ equipment fees, outrageous monthly rates for DSL speed, and storm outages from cloud cover.. no thanks.

Windows small Proxy which do header rewrite on the fly? (3 replies)

dann — Fri, 13 Mar 2009 23:14:05 -0500

Hi!

Does anyone know to easy install and configure an web proxy for windows which enable headers rewrite?

I need to setup a fast web proxy at my windows box to replace all headers (before they are sent to the webserver) of the "Cookie" field and a proprietary header.

Well, I did look at the Paros for example and BurpSuite, however I only found a way to do it manualy (request by request), and I need a way to do it transparent - without user interaction (in the case, I), like a header rewrite on the fly.

Ex.: Find header "Cookie: user=XXXXXXXXccxcxscscs; tamp=23434732674272" and
replace it on the fly with "Cookie: user=YYYYYYYccxcxscscs;
tamp=111111111111111111; admin=1", and we can't forget that the proxy
have to deal and fix the size of the content-lenght - so just send the packet to the webserver.

Not so easy, ahn?

Check for example the manual of Paros, it only explain a manual section named: Trapping HTTP requests and responses.

Thanks for any input.

How can I hack a D-link route (2 replies)

osmanthus — Fri, 20 Mar 2009 13:38:02 -0500

Hi:
Everyone!
I want to hack a d-link route.
There are some informations about the route:
The OS is ecos, the CPU is WP3221,I want to make the upgrade-pack, write some code and add it to the upgrade-pack, and reset the system!
I don't hava the hardware manual and only have the the binary of upgrade-pack!

How can I do it?

Please give me some suggestions and help, thank you very much!!!!!!!!!!!!

PDF Password removal (6 replies)

br0kan — Tue, 13 Mar 2012 07:26:36 -0500

This topic didn't really fit anywhere and it is somewhat of a tangent. Regardless, I was wondering if anyone could explain how/why PDF password removal is possible in some cases. I know there are a multitude of tools out there to do it and understand that it is easy to do. What I am curious about is what exactly it is that those tools are doing.

Also I'm not interested in anything that has to do with Brute Force cracking of the passwords

Full Trust in .NET applications (no replies)

gunwant_s — Sun, 01 Mar 2009 07:52:23 -0600

Hi all,

I am not very sure if this question relates to this group but I couldn't find any other place for this question. Feel free to move it wherever appropriate.

What I am curious about is the 'Full Trust' configuration in .NET applications, which as we know is the default configuration for an application. Now I understand that 'Full Trust' enables the access of resources which are not meant for a malicious user to fiddle with. (Fyi) For example, The URL:

[http://www.test.com/download.aspx?file=report.pdf]

also enables a malicious user to access sensitive files. Say,

[http://www.test.com/download.aspx?file=../../../web.config]

That is basically exploiting the Full Trust of .NET applications.
Now my question. I want to know if one is to configure 'Partial Trust',how unmanageable is it? I read quite a lot of documentation on this although I couldn't figure out, what issues a particular application can confront while configured for 'Partial Trust'. I know web.config can be used for configuring 'Partial Trust' but what other details/settings do I need to consider for a perfect configuration of the same. And what problems can occur so I be cautious before in time?

Any thoughts on this?

Thanks.

Question about HTTP headers (10 replies)

rma88 — Sat, 22 Aug 2009 19:10:29 -0500

Hey everyone. I have recently started going through the WebGoat web application security CD, and the latest thing to do was find out the name for the authorization header and what the base64 encoded value was being sent between the server and me. Now, having logged in as guest/guest its no surprise when thats what it decodes to, but my question is does that mean if an .htaccess file is used for authentication then all you have to do is sniff the http packets and decoded the authorization header? That seems too easy so thats why I'm asking what step(s) am I missing? The authorization header is sent with every http header, so it's not like you would have to sniff it right as the user logged on.

Thanks for the input, its really appreciated.

WiCOM 2009 Call for Papers: Sept. 24-26, 2009, Beijing, China--zjh (no replies)

zjh100 — Thu, 19 Feb 2009 01:38:32 -0600

WiCOM 2009 Call for Papers: Sept. 24-26, 2009, Beijing, China--zjh

=======================================
Cognitive Radio: Special Session within WiCOM2009
CALL FOR PAPERS
http://www.wicom-meeting.org/
Beijing, China September 24-26, 2009
======================================
Topics:
Spectrum Sensing
Route Algorithm
Spectrum Management
Network Reconfiguration
Architecture of Open-cooperate System
Application
Spectrum Hole Detecting
Theory Model and Validating System
Spectrum Allocation
Resource Optimization
Network Security
SDR Concepts, Theory and Applications
High-Speed A/D and Circuits
Protocol Reconfiguration
Detecting & Interference
Digital Intermediate Frequency
Protocol Fuse
Power Control

The aim of the special session is to stimulate the exchange of ideas and experiences between
researchers and practitioners in the field of cognitiveradio. This sepcial session will be held
from September 24-26, 2009 in Beijing within WiCOM2009. All papers accepted will be indexed by
EI Compendex.For more information, please contact: wicom@scirp.org

what can you do with someones PPPoE acct? (3 replies)

JoJo100 — Fri, 13 Feb 2009 19:38:29 -0600

alright so i port scanned and found an IP with open port 80, got into the router with with default username/password and went to the PPPoE login and viewed the source to get their actual username and password instead of the "*****"'s now what could i do with this informatin?

How to identify the behavior of an online game client? (1 reply)

Jorginhu — Thu, 12 Feb 2009 19:20:26 -0600

I play a lot of online games.. And I've already found a lot of "cracks" for them online.. but then I saw myself in front of 2 problems:

1. None of them work on LINUX plataforms (and I hate Windows);
2. None of them are "perfect".

So, I'd like to build one by myself.

I know that these kind of games run on an client-server system. And, when I click, for exemple, on the screen to "use an item" like eating some food, the client sends a COMMAND (probably a function) to the server, and then the server identify the command, run the process, and send back the action.

So, the point is.. Im using UBUNTU. I'd like to know, if there's any way to IDENTIFY the COMMAND that is sent when I do the action, while the program is running. I don't know if I made myself clear, but I hope so =P.

Or, If u don't know, if u could suggest any website, tuturials, e-books or something where I could find such answers...

Thanks in advance for the help.

Hugs!!

Default [Doubt]How to manipulate POST header (1 reply)

movien — Tue, 06 Jan 2009 10:19:37 -0600

hello everyone.

I need any of you to kindly explain about manipulating POST header.

I am not a pro,so please be simple!

I just know to view the POST headers using the Live http header firefoX addon.
Can the manipulating of a POST header change the data being sent to the server?

've read some where about POST manipulation vulnerability.
Like some site xxx.in sends to yyy.in some information,mostly if suppose xxx.in is a shopping site and yyy.in is the online banking site where in which a user has a bank a/c.
So the cost of the product can be manipulated in the POST header and I've heard it is encrypted in base 64 which is quite easy to decode.

Please help me out

Thnx in advance

Logging POST requests. (2 replies)

clooless — Mon, 03 Nov 2008 10:11:29 -0600

Just looking for a way of logging typical form POST requests such as:-

#define PCI_PRODUCT_NVIDIA_MCP73_LAN4 0x07df
and add the following lines after it:

#define PCI_PRODUCT_NVIDIA_MCP77_LAN1           0x0760
#define PCI_PRODUCT_NVIDIA_MCP77_LAN2           0x0761
#define PCI_PRODUCT_NVIDIA_MCP77_LAN3           0x0762
#define PCI_PRODUCT_NVIDIA_MCP77_LAN4           0x0763

next edit if_nfe.c and find these lines:

        {PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP73_LAN4,
            "NVIDIA nForce MCP73 Networking Adapter"},

and add the following lines after it

        {PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_LAN1,
            "NVIDIA nForce MCP77 Networking Adapter"},
        {PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_LAN2,
            "NVIDIA nForce MCP77 Networking Adapter"},
        {PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_LAN3,
            "NVIDIA nForce MCP77 Networking Adapter"},
        {PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_LAN4,
            "NVIDIA nForce MCP77 Networking Adapter"},

go down further in the file to:

        case PCI_PRODUCT_NVIDIA_MCP73_LAN4:

and add:

        case PCI_PRODUCT_NVIDIA_MCP77_LAN1:
        case PCI_PRODUCT_NVIDIA_MCP77_LAN2:
        case PCI_PRODUCT_NVIDIA_MCP77_LAN3:
        case PCI_PRODUCT_NVIDIA_MCP77_LAN4:

I'll make a patch and submit it once I'm done testing.

siemen router (2 replies)

viewme — Wed, 10 Sep 2008 20:46:14 -0500

hello everybody. i want to seek for your help.

i had this router from my isp. bought it from them and its a new one. the technician didn't gave the password for the router. i can't understand his reason why he don't want to give it. so i called the customer service and asked for it. but no answer from them.

i want to change the ip configuration of my router as i am sharing with some of my colleague and to limit their internet usage as well.

i know the username but i don't know the password. anyone can guide me how to hack/read the password?

thanks!

---
the router don't have the reset button. it's like it was customised.

Some networth* help!?! ACK! (4 replies)

pixelninja — Tue, 09 Sep 2008 15:06:30 -0500

Your blog posts are the up most. If anyone knows about my problem you would. If you have the time! Thanks.

Ok for starters Ill start off with the regular praise of this site and its members. I like to ask questions to someone who knows wtf there doing instead of some of the other sites knowing close to nothing about what Im going to say...thanks in advance for any help with this.

Earlier I started up ethereal to see why my network was running slowly. I found this (sent to hazl0oh.is-a-chef.com 65.24.7.10) a small amount of data trying to go to that ip. After some research I found it was some sort of bd supposedly it uses your current default browser to communicate with the listed website.

I have no out of the ordinary running process's updated version on nod32. I see nothing out of the ordinary other than the ip isn't resolving for me.

Here is a screenshot. Anyone know what this is, how I can get rid of it? Or better yet what to look for so I can check it out myself in detail, it looks like it works rather well.

Go to the store to buy something you might get what you want.
Go to the source to buy something you will get what you want.

I love this site@_@

SS:

ceaserone(@)gmail.com

Java apple - hostname (1 reply)

peternovak — Sun, 03 Aug 2008 22:25:14 -0500

Hello, I am looking for a java applet, witch can show me some host information (hostname, logged user...). Something simple like: http://reglos.de/myaddress/MyAddress.html with IP but other info...

... and one question else... Is it possible to find client's default email address configured in MS OUTLOOK with java applet?

Thenk you very much...

Another firewall bypassing nuisance (4 replies)

periqueador — Wed, 09 Jul 2008 15:09:44 -0500

Hey guys :) i'm kinda new to this forum and I'd like to see if someone can enlighten me on a little issue im having.

So, theres a webserver running on port 80, behind a firewall, this firewall does not let the webserver access the internet UNLESS I have initiated a connection.

(Request Diagram)
[Me:1234] {request}-> *internet* {request}-> [firewall] {request}-> webserver:80

(Response Diagram)

*[Firewall Rule]
*[Did 1.2.3.4 opened from port 1234 a request on webserver:80previously?]

webserver:80 response-> [Firewall Rule] YES {FORWARD}-> *internet* ->response [Me:1234]
/////////////////////////////////////// NO -> [Drop packet]

Sorry for the lame diagram heh, so, the only visible port from the outside is port 80, is there any way to increase the connectivity to the target LAN?

I've seen a few examples like php-findsock-shell: http://pentestmonkey.net/tools/php-findsock-shell/ -- thought this app only works on php/linux AND the target server is running Windows/Coldfusion.

What is the best approach on this situation? I've seen also other methods like process doubling, discussed on: http://ha.ckers.org/blog/20080127/process-doubling/ thought I couldnt find any real life implementation.

Browsing through the forum I also found some discussions that mentioned setting up PPTP on the webserver, is this also possible on a Coldfusion server? And would this raise any flags?

ICMP Traffic Handling Via Firewall (13 replies)

CrYpTiC_MauleR — Wed, 09 Jul 2008 11:46:45 -0500

Currently I have any ICMP packet blocked for incoming and outgoing. I see numerous attempts for outgoing to my router and DNS servers. Should I allow these for better network performance, am I being too paranoid?

I read this awhile back this http://securitylabs.websense.com/content/Alerts/1178.aspx and am wary of allowing any outgoing. Is it safe to assume it is ok for me to allow outgoing ICMP to the router and DNS server IPs? If so what types should be allowed?