Title: RE: [FW1] Allow pinging or not?

I'm not sure I see it like that.  Ping is not exactly harmful, unless you're on an older service pack of NT where the "ping of death" could get you.  I allow ping into my DMZ, but not into my internal network.  It's far more useful as a troubleshooting tool.

Mike Murray
Network Administrator
Pier 1 imports
[EMAIL PROTECTED]
817-252-8963

 -----Original Message-----
From:   Robert MacDonald [mailto:[EMAIL PROTECTED]]
Sent:   Tuesday, May 23, 2000 9:12 AM
To:     [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:        Re: [FW1] Allow pinging or not?


No. If they feel they are having troubles, I would have them contact you - AFTER they have verified that their systems and net access are OK. They should be able to conclude that it's at your end, just by verifying that all of their systems and net access are OK all the way to you.

If your systems are having trouble, then your local management systems should notify you, not your business partner. You want to run only what you must and no more. Don't allow services or protocols thru, just so your business partner can manage your systems as if they were theirs.

Best of luck!
Robert

- -
Robert P. MacDonald, Network Engineer
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Ralf Günthner" <[EMAIL PROTECTED]> 5/23/00 9:29:57 AM >>>
>
>We have a certain e-business server in a DMZ. Until now, I dropped any ping packets directed at this
>system's public address from the outside world.
>
>Now customer service wants me to allow echo request packets to reach the public address, so customers
>who have access problems can verify the reachability of our server.
>
>Should I allow this or not? I'm afraid of opening up routes for exploits not to mention tools like nmap asf.
>
>Any opinions very much welcome
>
>Ralf G.



