Re: Ok to let all ICMP traffic through firewall?

From: Art (null_at_zilch.com)
Date: 09/23/05

• Next message: Dimitri Maziuk: "Re: Ok to let all ICMP traffic through firewall?"
• Previous message: jameshanley39_at_yahoo.co.uk: "Re: Ok to let all ICMP traffic through firewall?"
• In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Reply:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 23 Sep 2005 18:26:33 GMT

On Fri, 23 Sep 2005 17:36:47 GMT, Leythos <void@nowhere.lan> wrote:

>> but what if an ISP or non ISP telephone computer tech is diagnosing a
>> non technical home user. The user doesn't have the ability to block
>> ICMP on only certain hosts. The homse user isn't running any services
>> either(may be behind a NAT device). Ping is ideal in this instance.
>> what other option is there to see that he is online,. as a first step
>> in diagnosing the problem?
>
>Sorry, that's not a good reason. The ISP can see if the modem is on-
>line, and the ISP can see if there is a connection between the modem and
>the NAT device or PC at the hardware level. You don't have to allow ping
>for any testing/reason, there are always ways around it.

I'm curious .... how does the ISP know?

In that vein, I noticed Sygate alerting on the kernel (I think it was)
calling out. Using the traffic log I found that the attempts were to
my ISP. Blocking the attempts has no effect on my internet activity,
as near as I can tell. I wonder what the purpose of this attempted
outbound might be. I don't use any software supplied by my ISP, so
it's not spyware (which some ISPs do use).

Art
  
http://home.epix.net/~artnpeg

---

• Next message: Dimitri Maziuk: "Re: Ok to let all ICMP traffic through firewall?"
• Previous message: jameshanley39_at_yahoo.co.uk: "Re: Ok to let all ICMP traffic through firewall?"
• In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Reply:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: no dns name ... if you can't ping external IP addresses.. ... I think there is a problem with the modem, I may exchange it for a different ... came home from work last night no internet, and this morning still no joy, ... ISP can talk to the modem, I can't ping anything using the Cmd Screen. ... (microsoft.public.windowsxp.general) Re: no dns name ... If you cannot ping an external IP address then this is not a DNS issue. ... Defective modem ... ISP can talk to the modem, I can't ping anything using the Cmd Screen. ... (microsoft.public.windowsxp.general) Re: Simple Question About NAT Routers ... >> is) but I cannot ping myself? ... >> the ISP service. ... You may need to register your new Netgear ... >> NETGEAR router? ... (comp.os.linux.networking) Re: no dns name ... I'm using my work pc, so no downloads possible, I'll have to find a friends ... I think there is a problem with the modem, I may exchange it for a different ... ISP can talk to the modem, I can't ping anything using the Cmd Screen. ... (microsoft.public.windowsxp.general) Re: help needed for Ubuntu 8.04 on HP 6720s notebook ... Can you ping your own IP that you received from the ISP? ... Do you connect to the Internet ... I am 100% sure that my ISP does not have DHCP. ... (Ubuntu)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2005-09