RE: [FW1] Blocking ICMP

[Juan Concepcion]

I am very well aware of that.  My point, as you've restated in your rebuttal, is that the less a hacker has at his fingertips with which to develop an overview of your network, the harder it will be for him to mount a successful attack.  While ping is just a scratch at the surface of possible attack methods it's removal is another notch on the belt of the administrator trying to protect his network.        If my answer was not clear the first time I apologize.  Next time I'll try to be a little bit more detailed into the explanation of such things.  I was just under the impression that we we're, to some extent, professionals capable of comprehending the meaning behind short explanations.       I also have to say that I've done some extensive testing on Checkpoints firewall with the majority of the Security scanners out there, nmap in particular, and if you've been able to do a successful scan on a Checkpoint firewall, properly configured of course, without it being noted in the logs, I tip my hat to you.  Maybe it's time for me to go back to basic training.   Juan Concepcion Network Security Consultant CCSA/CCSE Certified  E-Mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steven Schuster Sent: Monday, June 11, 2001 10:00 AM To: '[EMAIL PROTECTED]'; Tony Wong; [EMAIL PROTECTED] Subject: RE: [FW1] Blocking ICMP Juan, I would have to disagree with that.  There are ways to run scans on machines that don't response to ping.  It makes the scan run longer, but it will look for any and all ports on all addresses within the range you set.   Steve Schuster Midwest ISO Security Analyst -----Original Message----- From: Juan Concepcion [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 09, 2001 8:10 PM To: Tony Wong; [EMAIL PROTECTED] Subject: RE: [FW1] Blocking ICMP People can't attack what they can't see/detect.   Juan Concepcion Network Engineer/Security Consultant CCSA/CCSE E-Mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tony Wong Sent: Friday, June 08, 2001 11:55 AM To: [EMAIL PROTECTED] Subject: [FW1] Blocking ICMP How does blocking ICMP make my firewall more secure?