Firewall Wizards mailing list archives

Re: Odp: icmp scans


From: "Bob Acosta" <acostar () allied-chas com>
Date: Thu, 12 Nov 1998 12:38:14 -0500

True, IP could be construed as unreliable (more like unsecure), and yes,
application-level programming could help make it safer (how many
programmers are concerned about security - more interested in functionality
and getting it on the shelf).  Out of curiosity, why has there been no
pseudo application proxy for ICMP?  One that checks the data portion of the
packets for non-standard strings.  It was my impression that the data
portion of the packet was used primarily for feeding back routing info,
timestamps/delays and such.  Has anybody from TIS looked into this, or is
the issue too complex?  My stance is to refuse all ICMP; however, many sites
refuse to turn it off.  They indicate it is either needed for
troubleshooting reasons (OK - but then turn it off), or for monitoring
purposes (are my remote systems still up?), and for some unknown reason even
some applications require a pre-ICMP before permitting a connection (would
like to know why).  Also, I am concerned with the way ICMP has a direct line
from layer 3 to the kernel of some, maybe most systems (if I am correct).
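
The payload check the message above asks about, sketched as an added example (not part of the original post and not code from TIS or any firewall product). The allow-listed fill patterns, the 64-byte limit, the echo-only policy and all function names are assumptions chosen for illustration.

```python
import struct

# Assumed site policy: echo payloads must match a known ping fill pattern.
WINDOWS_FILL = b"abcdefghijklmnopqrstuvwabcdefghi"  # fill used by Windows ping
MAX_ECHO_PAYLOAD = 64                               # assumed size limit

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def payload_is_standard(payload: bytes) -> bool:
    if payload == WINDOWS_FILL:
        return True
    # iputils-style fill: 8- or 16-byte timestamp, then each byte equals its offset.
    for ts_len in (8, 16):
        if len(payload) > ts_len and all(
                payload[i] == i & 0xFF for i in range(ts_len, len(payload))):
            return True
    return False

def inspect_icmp(msg: bytes) -> str:
    """Return 'pass' or a 'drop: reason' verdict for one ICMP message."""
    if len(msg) < 8:
        return "drop: truncated header"
    icmp_type, code, _cksum, _ident, _seq = struct.unpack("!BBHHH", msg[:8])
    if checksum(msg) != 0:
        return "drop: bad checksum"
    if icmp_type not in (0, 8) or code != 0:   # echo reply / echo request only
        return "drop: type/code not allowed by policy"
    payload = msg[8:]
    if len(payload) > MAX_ECHO_PAYLOAD:
        return "drop: oversized payload"
    if not payload_is_standard(payload):
        return "drop: non-standard payload"
    return "pass"

def build_echo(payload: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Construct a sample echo request (constructed test input, not captured traffic)."""
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    return struct.pack("!BBHHH", 8, 0, checksum(hdr + payload), ident, seq) + payload
```

A filter like this only covers echo traffic; error messages such as destination unreachable carry part of the offending datagram and would need a different check, for example matching the embedded header against connection state.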
