RE: [FW1] Blocking ICMP

[Tom Louis]

Yes you can run a port scan against IP addresses. You do not need a ping reply. I can block ping reply from a Web server but port 80 will still respond since it is a web server.   Thomas Stala [EMAIL PROTECTED] Hope this helps   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven Schuster Sent: Monday, June 11, 2001 10:00 AM To: '[EMAIL PROTECTED]'; Tony Wong; [EMAIL PROTECTED] Subject: RE: [FW1] Blocking ICMP   Juan, I would have to disagree with that.  There are ways to run scans on machines that don't response to ping.  It makes the scan run longer, but it will look for any and all ports on all addresses within the range you set.   Steve Schuster Midwest ISO Security Analyst -----Original Message----- From: Juan Concepcion [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 09, 2001 8:10 PM To: Tony Wong; [EMAIL PROTECTED] Subject: RE: [FW1] Blocking ICMP People can't attack what they can't see/detect.   Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Wong Sent: Friday, June 08, 2001 11:55 AM To: [EMAIL PROTECTED] Subject: [FW1] Blocking ICMP How does blocking ICMP make my firewall more secure?