Re: Ok to let all ICMP traffic through firewall?

From: Bob Eager (rde42_at_spamcop.net)
Date: 09/24/05

  • Next message: Bob Eager: "Re: Ok to let all ICMP traffic through firewall?" 
    Date: 24 Sep 2005 09:35:00 GMT

    On Sat, 24 Sep 2005 02:04:37 UTC, Leythos <void@nowhere.lan> wrote:

    > In article <176uZD2KcidF-pn2-pu05rwv5JXnr@rikki.tavi.co.uk>, rde42
    > @spamcop.net says...
    > >
    > > ICMP isn't a service, but part of the underlying protocol stack; a fact
    > > which you ignore because you apparently don't know any better.
    >
    > Sorry to have confused you with other things I block. You said that I
    > was breaking things by not allowing ICMP, I said that many security
    > types block most things, not just ICMP and also indicated some things I
    > block.

    By bundling the two together, you indicated a lack of understanding of
    the difference...

    "Blocking Ping is very common, as is blocking inbound 135~139, 445, FTP,
    etc..."

    > Nothing in the RFC indicates I have to permit ICMP of any type - please
    > show where it's mandated if you want to continue this, oh, and don't
    > quote the RFC since I've already read it, years ago, and it's not
    > mandated that I permit any ICMP inbound to my network.

    As I said before...do what you like...it'll be your problem, not mine.
    Oh, and I probably read the RFC long before you, anyway. 

    -- 
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
  • Next message: Bob Eager: "Re: Ok to let all ICMP traffic through firewall?"

    Relevant Pages

    • Re: Ok to let all ICMP traffic through firewall?
      ... not just ICMP and also indicated some things I ... "Blocking Ping is very common, as is blocking inbound 135~139, 445, FTP, ... Oh, and I probably read the RFC long before you, anyway. ...
      (alt.computer.security)
    • Re: Ok to let all ICMP traffic through firewall?
      ... not just ICMP and also indicated some things I ... "Blocking Ping is very common, as is blocking inbound 135~139, 445, FTP, ... Oh, and I probably read the RFC long before you, anyway. ...
      (comp.security.firewalls)
    • Re: Traceroute anomaly
      ... RFC 1122, "Requirements for Internet Hosts - Communication Layers", ... interest regarding this disputed "change" to ICMP processing concerns ... ICMP packet ought not to be created - about whether or not an ICMP ... The ICMP-based traceroute relies on undocumented behaviour no matter ...
      (comp.dcom.sys.cisco)
    • Re: Traceroute anomaly
      ... Hm - checking back on previous exchanges I have had over traceroute I ... I'm sorry I "muddied the water" with RFC 1393 and the IP "route ... Do remember that I said I used to teach ICMP and what seems to have ... generated when the packet which might give rise to the ICMP packet is ...
      (comp.dcom.sys.cisco)
    • Re: Traceroute anomaly
      ... RFC 1812 states specifically that ICMP is defined in RFC 792, ... In the section which mentions when an ICMP packet MUST NOT be sent, ... ICMP error messages are ...
      (comp.dcom.sys.cisco)