Security Basics mailing list archives

RE: Removing ping/icmp from a network


From: "Joachim Thuau" <jthuau () heavy-iron com>
Date: Wed, 26 Mar 2008 12:29:02 -0700

From: Jason Thompson
Subject: Re: Removing ping/icmp from a network


[snip]

I don't see any ICMP messages that are a MUST for network operation.

The one system that I know makes use of ICMP messages is Active
Directory. It uses ICMP to establish a number of parameters regarding
speed of the links between Clients and Domain controllers. See the note
at the following KB article for some details:
http://support.microsoft.com/kb/227260/

With this in mind, you could set up rules for ICMP traffic to only be
allowed to Domain Controllers, which would be sufficient for normal
operation of AD.

Jok
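
One way to express the rule set suggested in the message above, as an added example that is not part of the original post. It assumes a Linux iptables firewall forwarding traffic between clients and the Domain Controllers, and that clients send echo requests which the DCs answer; the function names and the DC addresses are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: emit iptables FORWARD rules that permit ICMP echo only
# between clients and the listed Domain Controllers and drop other ICMP.
# DC addresses are supplied by the caller; those in the usage line are
# constructed placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the DC addresses given as arguments.
# Validates every address first, so a typo never yields a partial policy.
dc_icmp_rules() {
    [ "$#" -gt 0 ] || { echo "no Domain Controllers given" >&2; return 1; }
    for dc in "$@"; do
        is_ipv4 "$dc" || { echo "bad address: $dc" >&2; return 1; }
    done
    for dc in "$@"; do
        # Assumption: clients ping the DC, and the DC replies.
        echo "iptables -A FORWARD -p icmp --icmp-type echo-request -d $dc -j ACCEPT"
        echo "iptables -A FORWARD -p icmp --icmp-type echo-reply -s $dc -j ACCEPT"
    done
    # All remaining ICMP is dropped; ACCEPT rules above must come first.
    echo "iptables -A FORWARD -p icmp -j DROP"
}

# Usage: dc_icmp_rules 192.0.2.10 192.0.2.11
```

The function only prints the commands, so the output can be reviewed before it is applied on the firewall.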

