Questions about ICMP
offset
offset at ubersecurity.org
Thu Dec 6 16:34:53 UTC 2007
On Wed, Dec 05, 2007 at 03:27:33PM -0800, Daniel B. Thurman wrote:
>
> Should ICMP packets be allowed both over the
> Internet or should it be allowed to pass only in
> the local networks?
>
> I have a firewall appliance and trying to make sure
> that I am being secured properly.
>
> Thanks!
>
ICMP has many types, I assume you are referring to ICMP ECHO request/reply (for ping) and perhaps use rate limiting (ie. 5 requests/sec)
Your call if you want people to ping you or not, a lot of people assume ICMP echo doesn't work and just check for the existence of listening ports anyway (port 80, 443)
--
offset
More information about the users
mailing list