Home page logo
/

basics logo Security Basics mailing list archives

Re: Removing ping/icmp from a network
From: Ansgar -59cobalt- Wiechers <cobalt () planetcobalt net>
Date: Tue, 1 Apr 2008 14:27:38 +0200

Mike,

I think your mail was supposed to go to the list rather than me
personally, so I'll CC my reply to the list.

On 2008-04-01 Mike Preston - Technomonk Industries wrote:
Ansgar -59cobalt- Wiechers wrote:
ICMP does not increase your exposure. That's plain and utter
nonsense. Either your hosts are epxosed or they're not. ICMP doesn't
change the least about this. Security by obscurity will not help and
is not a replacement for actual security. What is so hard to
understand about that?

As a matter of interest, does anyone know of an ICMP exploits besides
DoS? If there are none, then the whole problem is moot. As I
understand it ICMP is an integral part of the TCP stack and as such
the code will be there whether you block ICMP or not, so short of
having a buggy TCP stack it shouldn't increase exposure much if at
all.

Well, Ping of Death comes to mind, but that issue has been fixed ages
ago.

Personally, I'd rather have my connection slow down because the far
end told it to (source quench) than have a bottleneck cause lost
packets and have to detect this. The packets still hit all the routers
up to the drop point so this increases potential load for everyone.
The DoS potential is still pretty small from this with the rise of the
massive bot nets available to flood your connection.

Indeed.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]