View Poll Results: Block or ALLOW ICMP packets over public router interfaces?
- Voters
- 9. You may not vote on this poll
-
December 4th, 2003, 02:04 PM
#1
ICMP Packets
Just curious about how you handle ICMP packets (most commonly ping and trace route) on your public router interfaces.
I see two sides to the decision to block ICMP packets:
1. Block them, as they let people know that you are "there".
2. NO!!! Don't block because it becomes a pain to test for connectivity remotely.
Thanks!
BB
-
December 4th, 2003, 02:14 PM
#2
Registered User
I have it enabled, easier to see what is going on and where when I do a ping or tracert. However, everything else is locked down and the password is complex enough for the peace of my paranoid mind.
-
December 4th, 2003, 02:16 PM
#3
Registered User
Lots of ISP's require that you allow ICMP packets........
-
December 4th, 2003, 04:08 PM
#4
Registered User
My old boss went to Network Associates for security training a few years back. They showed him a number of ways ICMP is used to break into a network. The coolest thing was a 'magic door' that opened a port when you hit the port with a sequence of different sized ICMP packets.
Jist of the story/conference was that ICMP is at best unsecure and at worst a menace.
The fact that an ISP would require ICMP is a strong indication of their technical knowledge. It's sad 
-
December 5th, 2003, 09:10 AM
#5
Geezer
 Originally Posted by DocPC
Lots of ISP's require that you allow ICMP packets........
Well yeah ... but not from the entire bloody internet  , only trusted/required ips ...
So that tells me there ought to be a 3rd 'much better' option in the poll - only allow icmp to/from trusted ips & block the rest 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks