Re: About ping request?

From: Mike Coppins (mike@legolas.com)
Date: 05/27/02 

Date: Mon, 27 May 2002 15:52:44 +0100
To: focus-ms@securityfocus.com
From: Mike Coppins <mike@legolas.com>

At 24/05/2002 12:33, Jens Benecke wrote:
>On Mon, May 20, 2002 at 11:06:31AM -0700, Patrick Morris wrote:
>
> > Jens Benecke schrieb am Monday, den 20. May 2002:
> > > IMHO: blocking ping requests is a common beginner's mistake, or
> > > rather, useless action. If you block ping requests you will make
> > > diagnosing your network harder and some services will run slower.
> > I'd have to disagree. You'd be amazed what kinds of nastiness can be
> > hidden in traffic disguised as a ping. As with any other traffic, the
> > best policy to follow (in my opinion, of course) is to not allow it if
> > you don't need it.
>
>Please elaborate. I don't see what 'nastiness' can be hidden inside an
>ICMP echo-request packet, unless your TCP/IP stack is really severely
>broken.

I think you just answered your own question :)

While I agree with the idea of disabling (or blocking when disabling not
possible) everything you don't need/use, there's a limit to that, and
unless your servers are getting ping flooded, blocking ping requests
generally tend to be more of a hindrance than anything. 

-- 
Mike Coppins
mike@legolas.com
http://www.legolas.com/
Seeking new employment: http://www.legolas.com/mikes/cv.html