Personally, its my feeling that you only let in the traffic that is
essential and NOTHING else. While ICMP and Traceroute are seemly "harmless"
things to allow, I wouldn't unless there is a very good reason.
Those tools can also be used to "explore" your network and for information
gathering. Also, there are "ping floods" etc that can be used on a DOS
attack.
so. I'd say "no" to letting them inbound unless there is a real need.
will
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Justin Derry
Sent: Wednesday, June 14, 2000 9:45 PM
To: [EMAIL PROTECTED]
Subject: [FW1] ICMP
we host over 300 web sites within a firewall protected area.
Does anyone have any feelings / thoughts on not allowing icmp/trace route
traffic
through to these sites and only allowing http/https traffic
Cheers
Justin Derry
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
