On 11 Dec 99, at 16:11, Ralf G. R. Bergs wrote: > currently I'm allowing EVERYTHING but timestamp-requests. What else can I > safely drop? > Or the other way round: Which packets do I absolutely need? I then could drop > everything else.
I would suggest you keep Pong(0), destination unreachable(3) , Source Quench(4), Time exceed(11) and Parameter problem(12). Everything else deny and log. It is possible that you explicit must deny icmp redirects from your gateway or you will go nuts when analysing your logs :). Best Regards Johan ********************************************************** Johan Hagstr�m Data Ingenj�r / KTH Direkt: 0498 - 202732 [EMAIL PROTECTED] V�xel: 0498 - 202700 Fax: 0498 - 214640 Intron Service AB http://www.gotlandica.com "Security is not a solution. It is a way of life." **********************************************************
