Security Incidents mailing list archives

Re: Sudden increase in scans.


From: Alexander Schreiber <Alexander.Schreiber () INFORMATIK TU-CHEMNITZ DE>
Date: Mon, 24 Jul 2000 02:22:37 +0200

Hi !

On Sat, 22 Jul 2000, Jason Lewis wrote:

> I don't know why this made me think of it but.....
>
> I haven't had ANY scans, since I disabled pinging internal machines from
> my router.  ZERO!  I used to get loads of scans ALL the time.  They have
> stopped completely.  To test my theory, I am going to re-enable ping to
> public server and see what happens.
>
> What does everyone think of disabling ICMP at the router?

Just disabling ICMP is a very bad idea since this _will_ break things (like
unreachable vs waiting for timeout, path MTU discovery, ...).

But you could stop the kiddies from using ICMP to map out your network
by blocking:
 - incoming ICMP echo-request (ping)
 - outgoing ICMP echo-reply (pong)

This way, "pinging out" your network won't work anymore but you don't
break anything else. But in my opinion you should allow ping to machines
that are already visible on the outside by other ways (public webservers,
public ftp-servers, ...). You won't lose anything since the machines
are visible (need to be) to the outside anyway. Just make sure said
machines are secure (as well as that can be done).

Regards,
       Alex.

--
------------------------------------------------------------------------------
 EMail : als () thangorodrim de              | WWW : http://www.thangorodrim.de/
 If privacy is outlawed, only outlaws will have | Ceterum censeo Parva Mollia
 privacy. (Philip Zimmerman, author of PGP)     | esse delendam.
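
The filtering policy described in the message above, as an added example that is not part of the original post: a per-packet decision function that drops only inbound echo-request and outbound echo-reply for non-public hosts and lets every other ICMP type through. The internal network 192.0.2.0/24, the public host 192.0.2.10, and all function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

# Assumed addressing (hypothetical, documentation ranges).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
PUBLIC_HOSTS = {ipaddress.ip_address("192.0.2.10")}  # already visible, e.g. a web server
ECHO_REPLY, ECHO_REQUEST = 0, 8

def parse_ipv4_icmp(packet):
    """Return (src, dst, icmp_type, icmp_code), or None if this is not an
    IPv4 packet that carries an ICMP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 1 or frag_offset or len(packet) < ihl + 4:
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return src, dst, packet[ihl], packet[ihl + 1]

def router_verdict(packet):
    """Apply the policy: only echo traffic that maps hidden hosts is dropped."""
    parsed = parse_ipv4_icmp(packet)
    if parsed is None:
        return "not-icmp"  # left to the router's other rules
    src, dst, icmp_type, _code = parsed
    inbound = dst in INTERNAL_NET and src not in INTERNAL_NET
    outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
    if inbound and icmp_type == ECHO_REQUEST and dst not in PUBLIC_HOSTS:
        return "drop"
    if outbound and icmp_type == ECHO_REPLY and src not in PUBLIC_HOSTS:
        return "drop"
    return "accept"  # unreachable, time exceeded, frag-needed (PMTU) etc. pass

def build_packet(src, dst, icmp_type, icmp_code=0):
    """Constructed sample: minimal IPv4 header (checksums zero) + 8-byte ICMP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)
```

Destination unreachable (type 3, including code 4 "fragmentation needed" used by path MTU discovery) and time exceeded (type 11) still reach internal hosts, and hosts inside can still ping outward.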
