I agree, and as other posts have said in the past, if you do need ping for occasional testing - then have the rules disabled by default and only enable them when someone has a genuine need - and disable the rules again when they are finished.

TH


Dean Cunningham <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

04/07/01 22:33

       
        To:        "'John Hahn'" <[EMAIL PROTECTED]>
        cc:        "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
        Subject:        RE: [FW1] OT - newbie question about PING




Any protocol you let through a firewall has the potential to cause harm,
especially if anyone in the world can do it.
In ping's case (IIRC) some systems are susceptible to DOS attacks from
partial packets or any other exploit relating to ICMP.
Memory is getting vague here, but if you allow ping you probably allow
traceroute. This would give a hacker an ability to map your network... Not A
Good Thing (tm) IMHO

-----Original Message-----
From: John Hahn [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 3 July 2001 11:40 PM
To: [EMAIL PROTECTED]
Subject: [FW1] OT - newbie question about PING



Would someone please explain the reasoning to not allow PING through the
Firewall to our internal networks? I'm having a problem justifying to the
mainframe systems group why I will not globally enable PING.

Your thoughts would be appreciated.

JEH
================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================
***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************

