Network Security: Detailed info on Re: Removing ping/icmp from a network

Subject:	Re: Removing ping/icmp from a network
Date:	Thu, 27 Mar 2008 13:09:27 -0400

Subject:

Re: Removing ping/icmp from a network

Date:

Thu, 27 Mar 2008 13:09:27 -0400

On Thu, Mar 27, 2008 at 12:25 PM, Jason <securitux@gmail.com> wrote:
*snip*

 The idea is to limit your Internet footprint to make it as difficult
 as possible for an attacker. There is no need for a web server to
 respond to ping from the Internet for example.


It is very critical that your web server responds to ICMP on the
Internet.  If you go out of the way and ignore essential protocols for
IP over a public network, you're just going to create a headache for
all of us.

Without ICMP, it is very difficult for us to determine where a problem
exists when our clients complain about slow load times or
inaccessibility to your website.  No ICMP means no basic trace
routing, no basic latency checks, and no basic error reporting.  So
even if the problem is somewhere in our infrastructure that limits or
prevents access to your site, you're going to get the blame and bad
reputation of an unstable server.  If it doesn't respond to ping, and
can't be traced, its not our fault that our client can't access your
site, it's yours.

-- 
Mark Owen

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Removing ping/icmp from a network, (continued) Re: Removing ping/icmp from a network, Mark Owen Re: Removing ping/icmp from a network, Ivan . RE: Removing ping/icmp from a network, Strykar RE: Removing ping/icmp from a network, Murda Mcloud RE: Removing ping/icmp from a network, Murda Mcloud Re: Removing ping/icmp from a network, Jason Thompson RE: Removing ping/icmp from a network, Worrell, Brian Re: Removing ping/icmp from a network, Ansgar -59cobalt- Wiechers RE: Removing ping/icmp from a network, Craig Wright Re: Removing ping/icmp from a network, Jason Re: Removing ping/icmp from a network, Mark Owen <= R: Removing ping/icmp from a network, Vega - Brunello Ivan Re: Removing ping/icmp from a network, Jason Re: Removing ping/icmp from a network, Michael Painter Re: Removing ping/icmp from a network, Razi Shaban Re: Removing ping/icmp from a network, Michael Painter Re: Removing ping/icmp from a network, Ansgar -59cobalt- Wiechers Re: Removing ping/icmp from a network, Michael Painter RE: Removing ping/icmp from a network, Ric Messier RE: Removing ping/icmp from a network, Adewale, Akin (IT Services - Infosec Team) RE: Removing ping/icmp from a network, Craig Wright

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: Looking For Security Metrics, David Gillett
Next by Date:	Re: File sharing with Bittorrent: what possible security threads?, postmaster
Previous by Thread:	Re: Removing ping/icmp from a network, Jason
Next by Thread:	R: Removing ping/icmp from a network, Vega - Brunello Ivan
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: Looking For Security Metrics, David Gillett

Next by Date:

Re: File sharing with Bittorrent: what possible security threads?, postmaster

Previous by Thread:

Re: Removing ping/icmp from a network, Jason

Next by Thread:

R: Removing ping/icmp from a network, Vega - Brunello Ivan

Indexes:

[Date] [Thread] [Top] [All Lists]