Re: Allow ICMP on external interface

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 01 Oct 2003 05:59:46 -0700

Hello Han,


Ping is only as good as the person using it.
The most common complaint I hear is "I can't ping <pickyorfavoriteplace>".
That, in and of itself, means nothing.
- how was ping used; with a name or an IP?
- typo?
- what was the actual response from ping?
- does the remote site allow ping queries?
- are your IP settings correct?

..my favorite quote came from a developer who should have known better:
"ping works, so I should have RPC connectivity."  This is indicative of the 
general impression folks sem to have with ping.

Proper use of ping may give many hints as to what is working or not in your 
environment (if you know how to interpret he results), but unfortunately, most 
folks see it as a catch-all for IP-based troubleshooting.  

The most common indicator of misunderstanding of what ping does is the phrase, 
"I (can/can't) ping, but I (can/can't) see the (web page/ FTP site / SMTP 
server)".

Ping uses ICMP; most server apps use either TCP, UDP or other IP protocols.  
Realization of one has absolutely nothing to do with another.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 1 Oct 2003 06:42:45 +0200
 "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org




> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
> Sent: Wednesday, October 01, 2003 01:50
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Allow ICMP on external interface
> 
> 
> http://www.ISAserver.org
> 
> 
> Why do folks always want to allow the simplest of DoS attacks?
> <sigh>
> 

Hi Jim,

I'm sorry to hear that your opinion is to block ICMP. I know there are other
people that have the same opninion but I also know a lot of people who don't
agree with you. PING is a very handy tool.

Best regards,
Han Valk.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

Other related posts:

• » Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---