Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

traceroute

From: "Wigg, Guy G" <GWigg () mail sbic co za>
Date: Sun, 24 Jun 2001 14:33:13 +0200
Hi All

Just looking for a bit of advice please, our Internet Team wish to be able
to do traceroutes from our webservers onto the internet as they believe that
this will assist in resolving network problems that occur from time to time.
Currently we don't allow any ICMP from the Internet into our network/DMZ.
What would the risk be of allowing ICMP time exceeded packets into our
network? ( I presume this is all we need, to allow trace routes from our
webservers out onto the net?). I realise opening another port on the
firewall increases the risk, but is this a manageable risk?

thanks
Guy
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: