Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Removing ping/icmp from a network

from [Jason Thompson] Network Security [Permanent Link]
Subject: Re: Removing ping/icmp from a network
Date: Wed, 26 Mar 2008 10:55:14 -0400 
ICMP is not vital for network operation, though it is convenient. PING
isn't required at all, ICMP unreachable messages don't do anything
other than notify the receiver to stop trying to connect to a
destination as it isn't alive (the receiver should get a hint of this
when his SYN's don't get a SYN ACK), ICMP redirects shouldn't happen
if your network is structured properly, and even if it's not, it just
adds an extra hop.

I don't see any ICMP messages that are a MUST for network operation.

That being said, if network monitoring is being done via SNMPv1 or v2
which isn't secure at all, ICMP is the least of your problems. I agree
with a few here that you allow ICMP from trusted to untrusted, but not
vice versa. And definitely NO ICMP from the Internet.

Keep in mind, if you give ICMP the boot on your internal network,
expect a lot more support calls as most users don't consider a device
up and working unless they can ping it.

-J


On Tue, Mar 25, 2008 at 12:29 PM, Secure This <lists@securethis.net> wrote:

I have a variety of clients with data centres who all make use of
 icmp/ping to monitor their servers/appliances/devices (often with poorly
 configured snmp versions 1 and 2).

 Could anybody kindly advise me of tools and strategies for minimising or
 removing the use of icmp/ping on a supposedly secure network?

 Thanks in advance
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Removing ping/icmp from a network, Strykar
Next by Date:  Re: File sharing with Bittorrent: what possible security threads?, hibbard
Previous by Thread:  RE: Removing ping/icmp from a network, Murda Mcloud
Next by Thread:  RE: Removing ping/icmp from a network, Worrell, Brian
Indexes:  [Date] [Thread] [Top] [All Lists]