How about...
set up a sacrafical lamb in the dmz for this purpose and allow pings to it
from the net (a win95 box for example)
That way they can at least test the link from there to your subnet. If you
can then ping the e-business box then all that can be the problem is your
firewall rules or a dns problem stopping them from reaching you??
-----Original Message-----
From: Ralf G�nthner [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 24 May 2000 1:30 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Allow pinging or not?
We have a certain e-business server in a DMZ. Until now, I dropped any ping
packets directed at this system's public address from the outside world.
Now customer service wants me to allow echo request packets to reach the
public address, so customers who have access problems can verify the
reachability of our server.
Should I allow this or not? I'm afraid of opening up routes for exploits not
to mention tools like nmap asf.
Any opinions very much welcome
Ralf G.
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
***************************************************
This e-mail is not an official statement of the
Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
