Re: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Russ Uhte (Lists)
At 03:03 PM 7/9/2004, Dan Horne wrote: if you block ICMP, you break IP. That's the bottom line, and nobody can argue that. Sorry, but I can and will argue with that. ICMP relies on IP, not the other way around. IP works with or without ICMP. RFC792, which defines ICMP, states The purpose of

RE: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Dan Horne
Ah, but ICMP does still work on your machine. You can still ping internally. It's just that those machines outside your firewall can't REACH your machine with ICMP. There is nothing in the RFC that even implies that I must allow all ICMP packets to reach my network. Even if you're using a

Re: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Doug Anderson
through a security audit like we do, you'll understand. - Original Message - From: Russ Uhte (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 3:16 PM Subject: Re: [Declude.JunkMail] NOW OT: ICMP At 03:03 PM 7/9/2004, Dan Horne wrote: if you block ICMP, you

Re: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Russ Uhte (Lists)
At 03:45 PM 7/9/2004, Doug Anderson wrote: Actually Russ, ICMP still works. Can you ping 127.0.0.1, the local loopback? Can you ping other items on your local network? It comes down to intranet vs internet separated by a firewall. Many corporations kill ICMP externally, but it works fine internally

RE: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Andy Schmidt
one case that comes to mind is PMTU. I've seen first hand instances where a corporation blocked all ICMP traffic, and then some of my users couldn't access that company's website. For whatever reason, the remote web server had a smaller than normal MTU size Yes - ICMP should be blocked

RE: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Russ Uhte (Lists)
At 04:44 PM 7/9/2004, Andy Schmidt wrote: one case that comes to mind is PMTU. I've seen first hand instances where a corporation blocked all ICMP traffic, and then some of my users couldn't access that company's website. For whatever reason, the remote web server had a smaller than normal MTU