Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Why block incoming pings?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Why block incoming pings?
Authored by: Anonymous on Aug 26, '03 11:52:53AM
ICMP is used by many networking systems and applications. It exists for a reason. Blocking it defeats its whole purpose and doesn't add any security to your system. The traffic should be allowed unless the system has a particular reason for turning them off. Blocking protocols without understanding why and how things work on a network is not secure at all. It just breaks things.

---
--
Gypsy

[ Reply to This | # ]

Why block incoming pings?
Authored by: Alrescha on Aug 26, '03 07:05:40PM

Ummn... I prefer to think of it in this way:

The Internet is not your local in-house LAN. Every bored script-kiddie will be running programs to attempt to break into every computer in sight.

No traffic should be allowed unless the system has a particular reason for turning it on. Allowing protocols without understanding why and how things work on a network is not secure at all.

Turning off ICMP will not harm anything. The chances of getting a real, valid, and useful ICMP message (a redirect, perhaps) are practically nil. The chances that a script tries to ping you before launching a full-fledged attack are much greater.

A.



[ Reply to This | # ]
NONSENSE
Authored by: macubergeek on Aug 27, '03 09:46:29AM

The internet dosn't need to know my machine is reachable.
Secondly after battling Blaster worm for two weeks now, droppig icmp is a good idea. At least you can save your firewall from being hammered.



[ Reply to This | # ]