Re: Allow ICMP on external interface

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 30 Sep 2003 23:31:48 -0700

> > Why do folks always want to allow the simplest of DoS attacks?
> > <sigh>
>
> I'm sorry to hear that your opinion is to block ICMP. I know there are other
> people that have the same opinion but I also know a lot of people who don't
> agree with you. PING is a very handy tool.

Yes, PING is a very handy tool. It is also widely used for DoS attacks.
There is absolutely no reason in the world to allow ping into every
interface on the internal network. One interface for test, yes. There is
absolutely no reason to allow every interface on the internal network to
ping out. One interface for testing, yes.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com



