mailing list archives
Re: ICMP (was: daily internet traffic report)
From: James Edwards <hackerwacker () cybermesa com>
Date: Sun, 17 Oct 2004 14:21:06 -0600
On Sun, 2004-10-17 at 12:55, Frank de Wit wrote:
I thought I asked a question ; the answer 'yes' should have been
Just joking, let's ask two other questions:
-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
I might be wrong, but:
a) do you still think ICMP is a good thing in relation to security (by
It gains little, there are other ways to tell if you are there. Those
who only use ping to identify hosts are on the low end of the skill
curve and it is those on the upper end of the skill curve that may have
to skills to compromise your firewall/hosts.
b) why would you need ICMP from the internet to your perimeter/DMZ-devices?
PathMTU. You will not move any packets unless your host can negotiate MTU
along the path.
So, blocking ***all*** ICMP ***types*** is bad but you can block some ***types***
without getting into trouble. Till you understand that all the types do in relation
to networking I would leave the alone.
Description: This is a digitally signed message part
Re: [SPAM] Your daily internet traffic report Willem Koenings (Oct 17)
Re: ICMP (was: daily internet traffic report) Barrie Dempster (Oct 18)
Re: ICMP (was: daily internet traffic report) Ron DuFresne (Oct 18)
Re: ICMP (was: daily internet traffic report) Frank de Wit (Oct 18)