Security Incidents mailing list archives
Re: Sudden increase in scans.
From: Alexander Schreiber <Alexander.Schreiber () INFORMATIK TU-CHEMNITZ DE>
Date: Mon, 24 Jul 2000 02:22:37 +0200
Hi!

On Sat, 22 Jul 2000, Jason Lewis wrote:

> I don't know why this made me think of it but..... I haven't had ANY scans, since I disabled pinging internal machines from my router. ZERO! I used to get loads of scans ALL the time. They have stopped completely. To test my theory, I am going to re-enable ping to public server and see what happens. What does everyone think of disabling ICMP at the router?

Just disabling ICMP is a very bad idea since this _will_ break things (like unreachable vs waiting for timeout, path MTU discovery, ...). But you could stop the kiddies from using ICMP to map out your network by blocking:

- incoming ICMP echo-request (ping)
- outgoing ICMP echo-reply (pong)

This way, ''pinging out'' your network won't work anymore but you don't break anything else. But in my opinion you should allow ping to machines that are already visible on the outside by other ways (public webservers, public ftp-servers, ...). You won't lose anything since the machines are visible (need to be) to the outside anyway. Just make sure said machines are secure (as well as that can be done).

Regards,
Alex.

--
EMail : als () thangorodrim de | WWW : http://www.thangorodrim.de/
If privacy is outlawed, only outlaws will have privacy. (Philip Zimmerman, author of PGP)
Ceterum censeo Parva Mollia esse delendam.
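
The filtering policy described in the message above, written as an nftables forward-chain ruleset for a Linux router. This is an added example, not part of the original post; the interface name `wan0` and the address 192.0.2.10 (a documentation-range stand-in for a public server) are assumptions.

```nftables
# Constructed example. Assumptions: "wan0" is the router's outside
# interface, 192.0.2.10 stands in for a public web/FTP server.
table ip icmp_policy {
    set public_hosts {
        type ipv4_addr
        elements = { 192.0.2.10 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Incoming echo-request (ping): answered only by hosts that are
        # publicly visible anyway; everything else is dropped and counted.
        iifname "wan0" icmp type echo-request ip daddr @public_hosts accept
        iifname "wan0" icmp type echo-request counter drop

        # Outgoing echo-reply (pong): only the public hosts may answer.
        oifname "wan0" icmp type echo-reply ip saddr @public_hosts accept
        oifname "wan0" icmp type echo-reply counter drop

        # No rule touches the other ICMP types, so destination-unreachable
        # (including fragmentation-needed, which path MTU discovery relies
        # on) and time-exceeded keep passing under the accept policy.
    }
}
```

The `counter` statements make the dropped probes visible in `nft list ruleset`, which gives a rough measure of how much mapping traffic the rules absorb.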