Thanks to all for the replies so far. Here is a note from our Firewall
admin on one of the suggestions. Any comments?
Thanks
Barry
>Sorry Barry, but I disagree with that statement. We need to block
>multiple icmp requests. Hackers can use it as a tool to scan other
>services on the network. By blocking them after 4 attempts. We stop
>them before they can discover more about the network.
>MTU discovery on the internet is useless and bandwidth consuming.
>MTU discovery should only be used on an ethernet network to determine
>packet size on the network.
>>Stop ICMP protocol is a bad idea on an IP network like internet.
>> Just block echo request, but not the whole ICMP.....
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
