So now you have a *business* choice to make: is it more important
to your business that you (a) be able to exchange mail with those
folks, or (b) prevent hackers *who forge that particular IP address*
from scanning your network? I know which way every boss I've ever
worked for would decide....
David Gillett
On 7 Jun 2001, at 13:23, Barry George wrote:
>
> Thanks to all for the replies so far. Here is a note from our Firewall
> admin on one of the suggestions. Any comments?
>
> Thanks
> Barry
>
>
> >Sorry Barry, but I disagree with that statement. We need to block
> >multiple icmp requests. Hackers can use it as a tool to scan other
> >services on the network. By blocking them after 4 attempts. We stop
> >them before they can discover more about the network.
>
> >MTU discovery on the internet is useless and bandwidth consuming.
> >MTU discovery should only be used on an ethernet network to determine
> >packet size on the network.
>
>
>
> >>Stop ICMP protocol is a bad idea on an IP network like internet.
> >> Just block echo request, but not the whole ICMP.....
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
