Re: Allow ICMP on external interface

• From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 2 Oct 2003 08:02:15 +0200

Hmmm, funky site Shawn!

-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: 01 October 2003 13:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow ICMP on external interface

http://www.ISAserver.org



A partial solution is to just use a ping gateway on some web site.  For
example, there are a ton of tools you can use at http://www.dnsstuff.com/.
Ping is among them.  Granted, this won't test the connectivity to and from
your own network but it will at least tell you if a remote host is alive or
not.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, October 01, 2003 2:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow ICMP on external interface


http://www.ISAserver.org


> > Why do folks always want to allow the simplest of DoS attacks?
> > <sigh>
>
> I'm sorry to hear that your opinion is to block ICMP. I know there are
other
> people that have the same opninion but I also know a lot of people who
don't
> agree with you. PING is a very handy tool.

Yes, PING is a very handy tool. It is also widely used for DoS attacks.
There is absolutely no reason in the world to allow ping into every
interface on the internal network. One interface for test, yes. There is
absolutely no reason to allow every interface on the internal network to
ping out. One interface for testing, yes.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

Other related posts:

• » Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---