Re: Ok to let all ICMP traffic through firewall?
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 09/23/05
- Next message: Hairy One Kenobi: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Wolfgang Kueter: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to: Peter: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Sep 2005 23:06:03 +0000 (UTC)
In article <433331d9$0$32652$da0feed9@news.zen.co.uk>,
Peter <abuse@dopiaza.cabal.org.uk> wrote:
:However blocking all
:ICMP is throwing the baby out with the bathwater and will cause more
:bother than not blocking anything.
"more bother" depends on whether you are being deliberately attacked
or not.
:I would suggest allowing ICMP Echo and Echo Reply (so ping works),
Typically, outsiders have no business mapping out exactly which
of your systems exist or are up right now, so dropping most incoming icmp
echo is a common security precaution. Whether to allow icmp echo
to public-facing servers varies with circumstance.
-- If you like, you can repeat the search with the omitted results included.
- Next message: Hairy One Kenobi: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Wolfgang Kueter: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to: Peter: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
