Educause Security Discussion mailing list archives
Re: ICMP blocking
From: ken lindahl <lindahl () BERKELEY EDU>
Date: Wed, 6 Dec 2006 13:37:55 -0800
Gary Dobbins wrote:
Quick survey: Who's blocking ICMP subsets (like echo requests, traceroutes) at their borders? Who's not? Strong feelings about why in either case?
berkeley is not and feels strongly about it. ping and traceroute can be extremely useful for troubleshooting basic network connectivity problems, and can provide important information for understanding more complex performance issues.
Certainly, doing so is not a huge security gain, but the alternative means you're giving away the map anonymously.
our map is posted on a web page. but we try to keep it out of date to throw off the bad guys. ;-)
How polar is the community on this?
this community of one is extremely polar. ken
Current thread:
- ICMP blocking Gary Dobbins (Dec 06)
- <Possible follow-ups>
- Re: ICMP blocking ken lindahl (Dec 06)
- Re: ICMP blocking Jeff Kell (Dec 06)
- Re: ICMP blocking Constantakos, William (Dec 06)
- Re: ICMP blocking Randy Marchany (Dec 06)
- Re: ICMP blocking David Gillett (Dec 06)
- Re: ICMP blocking John Ladwig (Dec 06)
- Re: ICMP blocking David Lundy (Dec 06)
- Re: ICMP blocking Gary Flynn (Dec 06)
- Re: ICMP blocking Ken Connelly (Dec 06)
- Re: ICMP blocking Russell Fulton (Dec 07)
- Re: ICMP blocking Joe St Sauver (Dec 07)