I thought it was very useful in finding out remote routes... And we will not even TALK about firewalking! ;-) Jim Christian Vogel wrote: > > Hi Frederic, > > > Although I _could_ agree as far as a firewalls are concerned, I don't > > when it comes to routers. > > Blocking/droping any ICMP packet usually turns into a real nightmare > > when you've to perform troubleshooting on a wide network. > > Please don't spread the word that ICMP only is for troubleshooting > networks. ICMP has it's uses beside "PING", the most important one > being "Path-MTU-Discovery" which will break when filtering all > ICMP packets! [1] > > There is a really frightening number of clueless admins which misconfigure > their firewalls this way! -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 13:45:51 PST