On Sep 13, 9:19am, Paul D. Robertson wrote:
> You won't always get ICMP back, some of us put legitimate hosts behind
> firewalls that won't give you the pleasure of finding out which addresses
> are open for attack.
Giving out ICMP for all hosts in the bank of addresses for which you are
responsible (whether they exist or not) is about the same as giving out none,
is it not? The information is useless to an attacker, but greases the
connection machinery better.
> You'd also leave yourself open to ICMP host
> unreachable/network unreachable Denial Of Service attacks.
No doubt -- I agree.
Clayton Haapala (clayh @
Netco Communications Corp. Go ahead and get some coffee. But, don't
Minneapolis, MN 55401 USA worry about caffeine -- WAM!NET won't give
612-204-3143 you time to drink much.