Re: Port 8 Echo Request - Should I allow on my Firewall?
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/17/03
- Next message: mamabear: "Identification of program 'msdmxm.exe'"
- Previous message: Keith W. McCammon: "Re: Port 8 Echo Request - Should I allow on my Firewall?"
- In reply to: Wayne: "Port 8 Echo Request - Should I allow on my Firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Oct 2003 16:02:04 -0400
Inbound ICMP should always be blocked. Actually, *all* unneeded ports should
always be blocked.
Wayne wrote:
> Hi
>
> My checkpoint firewall is constantly blocking requests on
> port 8 Echo Request. The sources of these echo requests
> are numerous. However, I notice several of the source IP's
> occur in my log more than once.
>
> From what I've read, port 8 Echo Request is port of the
> ICMP protocol, which is part of IP. It can be used for
> good and bad purposes. It is good in such a way that a
> network admin can detect the Operating System of a unknown
> new node on the network. It is bad in such a way that a
> hacker can create a "map" of my network to prepare his DOS
> attack.
>
> I don't manually use ICMP to discover new nodes on my
> network.
>
> So, should I block incoming connections on port 8 Echo
> Request?
>
> Thanks
>
> Wayne
- Next message: mamabear: "Identification of program 'msdmxm.exe'"
- Previous message: Keith W. McCammon: "Re: Port 8 Echo Request - Should I allow on my Firewall?"
- In reply to: Wayne: "Port 8 Echo Request - Should I allow on my Firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
