At my employment we are using a software package to monitor security calls
received by a Radionics Security Receiver (6600). That software - PHOENIX
[abmsystemsllc.com] uses ICMP to transfer received information to the
monitoring station(s).
ICMP may not be critical, er, vital for network performance and operation, but
there are certain circumstances where it is used. In my case, ICMP is routed as
necessary by the uber-IT folks.
"Jason Thompson" <securitux@gmail.com> 03/26/2008 09:55 >>>
ICMP is not vital for network operation, though it is convenient. PING
isn't required at all, ICMP unreachable messages don't do anything
other than notify the receiver to stop trying to connect to a
destination as it isn't alive (the receiver should get a hint of this
when his SYN's don't get a SYN ACK), ICMP redirects shouldn't happen
if your network is structured properly, and even if it's not, it just
adds an extra hop.
I don't see any ICMP messages that are a MUST for network operation.
That being said, if network monitoring is being done via SNMPv1 or v2
which isn't secure at all, ICMP is the least of your problems. I agree
with a few here that you allow ICMP from trusted to untrusted, but not
vice versa. And definitely NO ICMP from the Internet.
Keep in mind, if you give ICMP the boot on your internal network,
expect a lot more support calls as most users don't consider a device
up and working unless they can ping it.
-J
On Tue, Mar 25, 2008 at 12:29 PM, Secure This <lists@securethis.net> wrote:
I have a variety of clients with data centres who all make use of
icmp/ping to monitor their servers/appliances/devices (often with poorly
configured snmp versions 1 and 2).
Could anybody kindly advise me of tools and strategies for minimising or
removing the use of icmp/ping on a supposedly secure network?
Thanks in advance
