Security Basics mailing list archives
Re: Removing ping/icmp from a network
From: "Mark Owen" <mr.markowen () gmail com>
Date: Thu, 27 Mar 2008 13:09:27 -0400
On Thu, Mar 27, 2008 at 12:25 PM, Jason <securitux () gmail com> wrote: *snip*
The idea is to limit your Internet footprint to make it as difficult as possible for an attacker. There is no need for a web server to respond to ping from the Internet for example.
It is very critical that your web server responds to ICMP on the Internet. If you go out of the way and ignore essential protocols for IP over a public network, you're just going to create a headache for all of us. Without ICMP, it is very difficult for us to determine where a problem exists when our clients complain about slow load times or inaccessibility to your website. No ICMP means no basic trace routing, no basic latency checks, and no basic error reporting. So even if the problem is somewhere in our infrastructure that limits or prevents access to your site, you're going to get the blame and bad reputation of an unstable server. If it doesn't respond to ping, and can't be traced, its not our fault that our client can't access your site, it's yours. -- Mark Owen
Current thread:
- Re: Removing ping/icmp from a network, (continued)
- Re: Removing ping/icmp from a network Mark Owen (Mar 25)
- Re: Removing ping/icmp from a network Ivan . (Mar 26)
- RE: Removing ping/icmp from a network Strykar (Mar 26)
- RE: Removing ping/icmp from a network Murda Mcloud (Mar 27)
- RE: Removing ping/icmp from a network Murda Mcloud (Mar 27)
- Re: Removing ping/icmp from a network Jason Thompson (Mar 26)
- RE: Removing ping/icmp from a network Worrell, Brian (Mar 26)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 26)
- RE: Removing ping/icmp from a network Craig Wright (Mar 26)
- Re: Removing ping/icmp from a network Jason (Mar 27)
- Re: Removing ping/icmp from a network Mark Owen (Mar 27)
- R: Removing ping/icmp from a network Vega - Brunello Ivan (Mar 27)
- Re: Removing ping/icmp from a network Jason (Mar 27)
- Re: Removing ping/icmp from a network Michael Painter (Mar 27)
- Re: Removing ping/icmp from a network Razi Shaban (Mar 28)
- Re: Removing ping/icmp from a network Michael Painter (Mar 28)
- Re: Removing ping/icmp from a network Ansgar -59cobalt- Wiechers (Mar 28)
- Re: Removing ping/icmp from a network Michael Painter (Mar 31)
- RE: Removing ping/icmp from a network Ric Messier (Mar 28)
- RE: Removing ping/icmp from a network Adewale, Akin (IT Services - Infosec Team) (Mar 28)
- RE: Removing ping/icmp from a network Craig Wright (Mar 28)