Re: Removing ping/icmp from a network
- From: "Mark Owen" <mr.markowen@xxxxxxxxx>
- Date: Thu, 27 Mar 2008 13:09:27 -0400
On Thu, Mar 27, 2008 at 12:25 PM, Jason <securitux@xxxxxxxxx> wrote:
*snip*
The idea is to limit your Internet footprint to make it as difficult
as possible for an attacker. There is no need for a web server to
respond to ping from the Internet for example.
It is very critical that your web server responds to ICMP on the
Internet. If you go out of the way and ignore essential protocols for
IP over a public network, you're just going to create a headache for
all of us.
Without ICMP, it is very difficult for us to determine where a problem
exists when our clients complain about slow load times or
inaccessibility to your website. No ICMP means no basic trace
routing, no basic latency checks, and no basic error reporting. So
even if the problem is somewhere in our infrastructure that limits or
prevents access to your site, you're going to get the blame and bad
reputation of an unstable server. If it doesn't respond to ping, and
can't be traced, its not our fault that our client can't access your
site, it's yours.
--
Mark Owen
- Follow-Ups:
- Re: Removing ping/icmp from a network
- From: Jason
- R: Removing ping/icmp from a network
- From: Vega - Brunello Ivan
- Re: Removing ping/icmp from a network
- References:
- Removing ping/icmp from a network
- From: Secure This
- Re: Removing ping/icmp from a network
- From: Jason Thompson
- Re: Removing ping/icmp from a network
- From: Ansgar -59cobalt- Wiechers
- Re: Removing ping/icmp from a network
- From: Jason
- Removing ping/icmp from a network
- Prev by Date: Re: DoD aproved disk wiping tool
- Next by Date: Re: File sharing with Bittorrent: what possible security threads?
- Previous by thread: Re: Removing ping/icmp from a network
- Next by thread: R: Removing ping/icmp from a network
- Index(es):
Relevant Pages
|
