Ah, but ICMP does still work on your machine. You can still ping internally. It's just that those machines outside your firewall can't REACH your machine with ICMP. There is nothing in the RFC that even implies that I must allow all ICMP packets to reach my network.
Even if you're using a software firewall to block ICMP on the local machine, ICMP is still IMPLEMENTED as per RFC. Your computer can still understand ICMP packets, but they simply never get far enough up the stack to be accepted and decoded. Again, there is nothing in the RFC that states this is wrong. But you're right, all issues of security are open to interpretation. Mine is different from yours, but that doesn't make yours any less valid. "I can't ping your machine, fix that first" is fine with me, and is actually my line as well when I'm supporting someone. It isn't because I think pings are necessary to the internet, though. It is because ICMP is the primary method of diagnosing connectivity issues. If I can't ping them, I can't tell if they are connected. In cases where someone needs to ping me for diagnostic purposes, I have always opened up pings. Once the problem is resolved, though, the door closes again. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
