This was a problem when filtering Nachi while it pinged
to their knees.
Sometimes I wonder if there is any legitimate reason to allow
pings from users at all. If the user really needed to
ping, that is, if they were in a position to do anything about
results of the ping tests, then they would know enough to
use traceroute in UDP mode or some other tool.
There are lots of other useful ICMP types to handle
the other ICMP needs, but ping seems to be
that was created for the convenience of a kind of
that is effectively extinct in today's Internet.
ICMP echo is unique among ICMP types in that it is
only one that elicits its own response. What I mean
this is that source-quench, <foo>-unreachables, and
are all generated by hosts and routers in response to
relatively stateful traffic. There is nothing that
do that SNMP (I know, I know) and traceroute
accomplish in a more controlled fashion, no?
It would kill a lot of DDoS attacks and render their
networks useless, retire legacy backdoors and viruses, up
the ante for network management tools, and
some virus propagation substantially.
ICMP echos are a bit of a hack and, quite literally,
and I wonder if it may be time to consider
retiring them using filters.
Jamie.Reid, CISSP, email@example.com
Security Specialist, Information Protection Centre
416 327 2324
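As an added illustration of the stateful ICMP handling discussed in this thread (example code written for this page, not from either poster): a small Python filter that admits an inbound echo reply only when it matches an echo request this side sent, admits unreachable/time-exceeded errors only when the datagram they quote belongs to a tracked UDP/TCP flow (a UDP traceroute probe, for instance) or to one of our own pings, and drops everything else, including unsolicited echo requests. The packet builders and addresses are constructed sample data; checksums are not verified.

```python
import struct

# ICMP type numbers from RFC 792; only these are tracked, everything else is dropped
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
ICMP, TCP, UDP = 1, 6, 17

def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))
def ipv4_header(src, dst, proto):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left zero)."""
    return struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, proto, 0) + _ip(src) + _ip(dst)
def echo_reply(ident, seq):
    return struct.pack("!BBHHH", ECHO_REPLY, 0, 0, ident, seq)
def icmp_error(icmp_type, code, src, dst, proto, first8):
    """Error message quoting the offending datagram: its IP header plus first 8 L4 bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ipv4_header(src, dst, proto) + first8

class StatefulIcmpFilter:
    """Admit inbound ICMP only if it answers traffic this side originated."""
    def __init__(self):
        self.pending_echo = set()   # (peer, ident, seq) of echo requests we sent
        self.flows = set()          # (proto, src, sport, dst, dport) of UDP/TCP we sent
    def note_outbound_echo(self, dst, ident, seq):
        self.pending_echo.add((dst, ident, seq))
    def note_outbound_flow(self, proto, src, sport, dst, dport):
        self.flows.add((proto, src, sport, dst, dport))

    def inbound_icmp(self, src_ip, pkt):
        """Return True to accept ICMP packet `pkt` arriving from src_ip, else False."""
        icmp_type = pkt[0]
        if icmp_type == ECHO_REPLY:
            key = (src_ip,) + struct.unpack("!HH", pkt[4:8])
            if key in self.pending_echo:
                self.pending_echo.remove(key)   # one reply per request, no replays
                return True
            return False
        if icmp_type not in (DEST_UNREACH, TIME_EXCEEDED):
            return False                        # includes unsolicited echo requests
        inner = pkt[8:]                         # quoted datagram follows 4 unused bytes
        if len(inner) < 20 or len(inner) < (inner[0] & 0x0F) * 4 + 8:
            return False                        # too short to identify the flow
        ihl, proto = (inner[0] & 0x0F) * 4, inner[9]
        osrc = ".".join(str(b) for b in inner[12:16])
        odst = ".".join(str(b) for b in inner[16:20])
        l4 = inner[ihl:ihl + 8]
        if proto in (TCP, UDP):
            sport, dport = struct.unpack("!HH", l4[:4])
            return (proto, osrc, sport, odst, dport) in self.flows
        if proto == ICMP and l4[0] == ECHO_REQUEST:   # error about our own ping
            return (odst,) + struct.unpack("!HH", l4[4:8]) in self.pending_echo
        return False
```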
>>> "Sean Donelan"
<firstname.lastname@example.org> 12/03/03 05:12pm >>>
You could drop
ICMP packets at your firewall if the firewalls properly
inspection of ICMP packets. The problem is few
firewalls include ICMP
responses in their stateful analysis. So you are
left with two bad
choices, permit "all" ICMP packets or deny "all"