Re: Ok to let all ICMP traffic through firewall?
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Ok to let all ICMP traffic through firewall?

From: Bob Eager <rde42@spamcop.net>
Date: Fri Sep 23 2005 - 00:30:27 CEST



On Thu, 22 Sep 2005 22:19:07 UTC, Leythos <void@nowhere.lan> wrote:



> In article <96D9EC61DFA1E71F3M4@66.250.146.159>, no_thanks@mail.com 


> says...


> > My question is Should a firewall let all ICMP traffic through because 


> > there is no real risk if they do?


> 


> The common sense rule is to LET NOTHING IN that doesn't have a good 


> reason to be let in.



In practice, you need to let a few ICMP messages through, then. For 


example, source quench and destination unreachable.



-- 
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]


Received on Thu Sep 29 20:10:15 2005