Educause Security Discussion mailing list archives

Re: ICMP blocking


From: ken lindahl <lindahl () BERKELEY EDU>
Date: Wed, 6 Dec 2006 13:37:55 -0800

Gary Dobbins wrote:
> Quick survey:  Who's blocking ICMP subsets (like echo requests,
> traceroutes) at their borders?  Who's not?  Strong feelings about why in
> either case?

berkeley is not and feels strongly about it. ping and traceroute can be
extremely useful for troubleshooting basic network connectivity problems,
and can provide important information for understanding more complex
performance issues.

> Certainly, doing so is not a huge security gain, but the alternative
> means you're giving away the map anonymously.

our map is posted on a web page. but we try to keep it out of date to
throw off the bad guys. ;-)

> How polar is the community on this?

this community of one is extremely polar.

ken
