Re: Allow ICMP on external interface
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 1 Oct 2003 08:06:47 -0700
Actually, I prefer creating an all-open policy and closing the ports I don't
want.
This way, I can increase my VA disabled income by adding "reduced mental
facilities" and prove it with my ISA policies.
;-)
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 01, 2003 06:30
Subject: [isalist] Re: Allow ICMP on external interface
http://www.ISAserver.org
If you can't ping you must need to open a port.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, October 01, 2003 9:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow ICMP on external interface
http://www.ISAserver.org
Hello Han,
Ping is only as good as the person using it.
The most common complaint I hear is "I can't ping <pickyorfavoriteplace>".
That, in and of itself, means nothing.
- how was ping used; with a name or an IP?
- typo?
- what was the actual response from ping?
- does the remote site allow ping queries?
- are your IP settings correct?
..my favorite quote came from a developer who should have known better:
"ping works, so I should have RPC connectivity." This is indicative of the
general impression folks sem to have with ping.
Proper use of ping may give many hints as to what is working or not in your
environment (if you know how to interpret he results), but unfortunately,
most folks see it as a catch-all for IP-based troubleshooting.
The most common indicator of misunderstanding of what ping does is the
phrase, "I (can/can't) ping, but I (can/can't) see the (web page/ FTP site /
SMTP server)".
Ping uses ICMP; most server apps use either TCP, UDP or other IP protocols.
Realization of one has absolutely nothing to do with another.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Wed, 1 Oct 2003 06:42:45 +0200
"Han Valk" <Han.Valk@xxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Wednesday, October 01, 2003 01:50
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Allow ICMP on external interface
>
>
> http://www.ISAserver.org
>
>
> Why do folks always want to allow the simplest of DoS attacks?
> <sigh>
>
Hi Jim,
I'm sorry to hear that your opinion is to block ICMP. I know there are other
people that have the same opninion but I also know a lot of people who don't
agree with you. PING is a very handy tool.
Best regards,
Han Valk.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
Other related posts:
