October 18th, 2004, 10:27 AM
What to do with ICMP traffic?
Inspired by a discussion in this thread.
A quick recap: ICMP (Internet Control Message Protocol) is used in the IP suite "to provide feedback about problems in the communication environment" (RFC792). Besides providing this useful feedback, the protocol can also be (mis?)used to, for example, map networks and recognise operating systems.
What should/do you do with ICMP traffic? Block it entirely, partially or not at all? How do the pros and cons of blocking ICMP compare to each other? What do you suggest, and why?
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
October 18th, 2004, 10:41 AM
Block some of it.
I let my router forward all ICMP to my own computer. The firewall on my PC only allows it for either the IP of my school, a number of my friends, and inside the network. Everything else is blocked.
The reason I allow school is because I want to be able to check up on my computer from there. The friends for the same reason, and so they can check up on it for themselves.
Basically I think ICMP is a good thing. People getting to know my OS isn't really something I think is a problem in my case. And you can always only allow a certain amount of people in...
If you're admin of an important network or company then things change though.
Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
October 18th, 2004, 11:54 AM
Lots of reasons to block it. Covert channels, ICMP redirects and ICMP broadcast pings are just a few.
Experience is something you don't get until just after you need it.
October 18th, 2004, 02:30 PM
Technically I'd say the best approach is to use a stateful firewall and allow any ICMP traffic "related" to other permitted traffic, denying the rest.
You might also want to allow pings in / out.
Blocking all ICMP traffic is nasty and will definitely cause some problems for applications - they won't get correct error information.
TCP connections which are denied by ICMP unreachables will continue to be tried until they time out. The application will get the wrong error message and it will take a lot longer to give up.
UDP sessions to servers which have gone away will not get unreachables - which means they also will take a lot longer to time out and the applications won't get the right error message.
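How a stateful filter can tell that an ICMP error is "related" to permitted traffic, as an added example that is not part of the thread: an ICMP error quotes the IP header and first 8 bytes of the packet that triggered it (RFC 792), so the filter can look that flow up in its connection table. The function names, the flow table, the choice to treat only types 3, 11 and 12 as errors, and the sample packets (documentation addresses, zero checksums that are not verified) are assumptions made for this sketch.

```python
import socket
import struct

# ICMP types that quote the offending datagram: unreachable, time exceeded,
# parameter problem. Redirects (type 5) are left out, so they are dropped.
ICMP_ERRORS = {3, 11, 12}
ECHO_REQUEST = 8
PROTO = {6: "tcp", 17: "udp"}


def quoted_flow(icmp: bytes):
    """Return (proto, src, sport, dst, dport) quoted inside an ICMP error, or None."""
    quoted = icmp[8:]                      # skip the 8-byte ICMP header
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    ihl = (quoted[0] & 0x0F) * 4           # length of the quoted IPv4 header
    proto = PROTO.get(quoted[9])
    if ihl < 20 or proto is None or len(quoted) < ihl + 4:
        return None
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)


def verdict(icmp: bytes, flows: set, allow_ping: bool = True) -> str:
    """Decide what a stateful filter does with one inbound ICMP message."""
    if len(icmp) < 8:
        return "drop"
    icmp_type = icmp[0]
    if icmp_type in ICMP_ERRORS:
        # "Related" means the quoted packet belongs to a flow we opened.
        return "accept-related" if quoted_flow(icmp) in flows else "drop"
    if icmp_type == ECHO_REQUEST and allow_ping:
        return "accept-ping"
    return "drop"


def build_error(icmp_type, code, proto, src, sport, dst, dport) -> bytes:
    """Constructed sample: ICMP error quoting a 20-byte IPv4 header + 8 bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + struct.pack("!HHI", sport, dport, 0)


# Constructed flow table: one outbound TCP connection opened from inside.
FLOWS = {("tcp", "192.0.2.10", 40000, "198.51.100.5", 443)}
```

A host unreachable quoting the tracked connection is accepted, so the application sees the error at once; the same message quoting a flow that was never opened is dropped.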