Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Ping through firewall [was: NCSA certification]
From: mike @ ptes . com (Mike Bernhardt)
Date: Fri, 22 Nov 1996 10:46:17 -0900
To: Bob Beck <beck @ obtuse . com>
Cc: firewalls @ GreatCircle . com

>>
>> On Tue, 19 Nov 1996, CMIS 370-5161 Student 06 wrote:
>>
>> > Please do not ping through your firewall.  It opens all sorts of
>> > doors....a good firewall will not let you ping through it.
>> >
>>
>> This is a personal opinion, especially when using firewalls that
>> either only allow or disallow pinging and traceroutes.  Disallowing
>> prevents outside people from gaining information about your network or
>> attempting to set up bogus IP source routing on misconfigured routers, but
>> it limits functionality of inside users.  And vice versa for allowing
>> outbound ICMP: lets people ping, but opens potential security holes.
>>
I am allowing ping echoes out and ping replies in, and traceroute out and
time-exceeded packets in; I'm not allowing any other inbound ICMP. This
allows us to do what we want, but you'll get no replies if you try to ping
in.

-------------------------------------------------------------
"He who dies with the most toys, still dies." 
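
The policy described in the message above, modelled as a stateless, default-deny filter and run over constructed packets (an added example, not part of the original post or any product's rule syntax). It shows one consequence of "no other inbound ICMP": a UDP-based traceroute gets its hop answers (time exceeded), but the destination's port-unreachable reply is dropped. Assumptions: the filter keeps no state, traceroute probes use UDP ports 33434-33534, and only the ping/traceroute rules are modelled.

```python
from dataclasses import dataclass

# ICMP type numbers (RFC 792)
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11

# Assumed UDP traceroute probe range (traditional base port 33434).
TRACEROUTE_PORTS = range(33434, 33535)

@dataclass(frozen=True)
class Packet:
    direction: str       # "out" = inside -> Internet, "in" = Internet -> inside
    proto: str           # "icmp" or "udp"
    icmp_type: int = -1  # only meaningful when proto == "icmp"
    dport: int = 0       # only meaningful when proto == "udp"
    note: str = ""

def decide(p: Packet) -> str:
    """Stateless verdict for the ping/traceroute rules; everything else is dropped."""
    if p.direction == "out":
        if p.proto == "icmp" and p.icmp_type == ECHO_REQUEST:
            return "pass"    # ping out (also ICMP-based traceroute probes)
        if p.proto == "udp" and p.dport in TRACEROUTE_PORTS:
            return "pass"    # UDP traceroute probes out
    elif p.proto == "icmp" and p.icmp_type in (ECHO_REPLY, TIME_EXCEEDED):
        return "pass"        # ping replies and per-hop traceroute answers in
    return "drop"            # "no other inbound icmp"

# Constructed sample traffic, not captured packets.
SAMPLES = [
    Packet("out", "icmp", ECHO_REQUEST, note="inside host pings out"),
    Packet("in", "icmp", ECHO_REPLY, note="reply to that ping"),
    Packet("out", "udp", dport=33434, note="UDP traceroute probe"),
    Packet("in", "icmp", TIME_EXCEEDED, note="intermediate hop answers probe"),
    Packet("in", "icmp", DEST_UNREACH, note="destination answers UDP probe"),
    Packet("in", "icmp", ECHO_REQUEST, note="outside host pings in"),
    Packet("in", "icmp", REDIRECT, note="inbound redirect"),
]

def evaluate(packets=SAMPLES):
    """Return (note, verdict) for each packet, in order."""
    return [(p.note, decide(p)) for p in packets]

if __name__ == "__main__":
    for note, verdict in evaluate():
        print(f"{verdict:4}  {note}")
```

Because the model keeps no state, an inbound echo reply or time-exceeded packet passes whether or not an inside host sent a matching probe.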



