RE: [FW1] Blocking ICMP

[Carl E. Mankinen]

If it's just a DDoS, they can flood a single address (in use or not) on your subnet and have the affect of killing your entire subnet if you can't handle the traffic load.   There are other ways of scanning/finding hosts than just using ICMP.   1) you can just do a service connect scan.   2) you can dig into their DNS zone and see what you can find. Often people will use a naming scheme which you can infer other hostnames from. etc. Sometimes they might just return ALL records... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Juan Concepcion Sent: Saturday, June 09, 2001 9:10 PM To: Tony Wong; [EMAIL PROTECTED] Subject: RE: [FW1] Blocking ICMP People can't attack what they can't see/detect.   Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Wong Sent: Friday, June 08, 2001 11:55 AM To: [EMAIL PROTECTED] Subject: [FW1] Blocking ICMP How does blocking ICMP make my firewall more secure?