On 3/16/07, Tony Hoyle <[EMAIL PROTECTED]> wrote: > By all means block echo request packets > (although I personally never saw the point > of that) but let the rest through.
Historical fear of the "ping of death" is why ICMP echo is still blocked by default in so many firewalls: http://en.wikipedia.org/wiki/Ping_of_death I remember crashing many Win NT 4 machines, HP/UX machines, and printers back the mid 1990s when we scanned our network for this vulnerability. I recall almost anything with a network stack derived from the BSD code base was usually vulnerable. The really funny thing is that ICMP echo wasn't the only vulnerable part of the IP stack, just the easiest to test with. So firewalling ICMP echo didn't really do much to protect against the vulnerability. -- RPM ========================= All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun. -Anonymous _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
