Firewall Wizards mailing list archives

RE: ICMP and Traceroute


From: davidg () genmagic com (David Gillett)
Date: Wed, 19 May 1999 11:12:36 -0700

On 18 May 99, at 8:51, Frank W. Keeney wrote:

My view of the Internet is the content and services that it provides.
ICMP and traceroute are only tools to verify network connectivity. Day
to day testing of connectivity to the Internet should be done with the
applications.

  I take exactly the opposite view.  When our network operators need to 
confirm a server's connectivity, I'd prefer that they use connectivity tools 
(ping, nslookup, tracert) than that they expose the server -- and, by 
extension, the internal network -- by way of a browser that is probably way 
behind on security patches, to the vagaries of some random third-party web 
site.  HTTP opens a much bigger hole than the task of checking connectivity 
warrants.


David G


