mailing list archives
Re: RE: Fw rule set question
From: dave.long () freenet co uk
Date: 1 Aug 2007 13:05:24 -0000
The point is that these ICMP messages will not elicit replies, so cannot be used to 'enumerate' networks. They could
potentially be spoofed to create some sort of DoS attack, but the difficulties involved make it an unlikely method to
If you're going to allow any ICMP from the Internet, these are the messages you'd want (plus, maybe, Echo Reply).