Security Basics mailing list archives
Re: ICMP (Ping)
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Thu, 4 Sep 2003 22:35:39 +0200
On 2003-09-02 freeasabird_13 () gmx net wrote:
Are there any security issues for allowing a firewall/router to respond to Ping from the internet?Yes. It would not be preferable for you to allow your firewall/router to respond to pings from the internet. Someone running a wide-scale scan of internet computers for possible attack targets would quickly be made aware of your obvious internet presence and you could become a target for attack.
I don't think so. Not responding to ICMP echo-requests won't make you invisible. Whenever a ping does not return "host unreachable" you know there *is* something with that address. Dropping ICMP packets might be useful though, to protect the firewall or router from being DoS'ed through ICMP, but it won't hide your host. Regards Ansgar Wiechers --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- ICMP (Ping) Paul Kurczaba (Sep 02)
- Re: ICMP (Ping) freeasabird_13 (Sep 03)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 04)
- Re: ICMP (Ping) freeasabird_13 (Sep 05)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 05)
- Re: ICMP (Ping) Tomas Wolf (Sep 08)
- Re: ICMP (Ping) Tim Greer (Sep 08)
- Re: ICMP (Ping) Ansgar Wiechers (Sep 04)
- Re: ICMP (Ping) freeasabird_13 (Sep 03)
- <Possible follow-ups>
- Re: ICMP (Ping) Jay Woody (Sep 03)
- RE: ICMP (Ping) Stuart (Sep 04)