Hello,
You can see "ICMP usage in scanning" from
http://www.sys-security.com/html/papers.html , but its a huge paper (>250
pages Ithink). Here at work I let echo-request out and echo-reply in (for ping),
ttlexceeded in transit and ttl exceeded during frag both in (for traceroute) and
I should be letting "frag needed but dont fragment bit set" in too to make
MTU pathdiscovery work. Everything has been working ok for months =).
Hope it helps,
-- Diego.
> I've got a server going online tomorrow, to handle email, http, ssh &
> ftp for the domain it'll host. It's not clear to me what ICMP packets I
> (1) must allow, (2) which are optional but recommended, and (3) which I
> should not allow.
>
> I'd be most appreciative if someone could educate me (or tell me which
> fine manual to read), regarding ICMP. Thanks in advance.
>
> -ste
--
:( >> $$
