Re: Ok to let all ICMP traffic through firewall?
From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 09/25/05
- Next message: Walter Roberson: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Volker Birk: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Reply:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 24 Sep 2005 23:43:06 GMT
"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d9f8e2789e1e72a98a110@news-server.columbus.rr.com...
> In article <YbcZe.11$K77.9@newsfe2-gui.ntli.net>, abuse@[127.0.0.1]
> says...
> > Like most non-ISPs, I don't have a dedicated 24x7 staff to monitor
systems
> > (this is a home network, before someone starts slinging companies that
*do*
> > have this requirement).
>
> Like I've said many times before - ICMP is exposed to partner
> sites/companies, blocked to the rest of the world. If we have no
> communications need with you then we don't expose anything to you.
>
> Your example of Ping would fall into a business need - so there would be
> a rule exception allowing PING from your designated monitoring service.
Actually, it's not that simple (I'll stress again that this is *my*
particular need, but not one that is particularly uncommon)
My monitoring service is me, with either my phone or a laptop.
I need to be able to connect from a variety of countries, and a (for my
purposes) essentially random series of ISPs and routing networks.
I understand completely that this isn't the same as /your/ need - you are
obviously providing a specific service to a very geographically limited set
of known users. Although I'd be wary, once one of them attempts DR. 'Tis
amazing what comes out of the woodwork when that happens... I've had to do
it for real, courtesy of the PIRA.
H1K
- Next message: Walter Roberson: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Volker Birk: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Reply:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
