At 03:45 PM 7/9/2004, Doug Anderson wrote:
Actually Russ, ICMP still works. Can you ping 127.0.0.1, the local loopback?
Can you ping other items on your local network?
It comes down to intranet vs. internet separated by a firewall. Many
corporations kill ICMP externally, but it works fine
internally and is used as intended, OR they allow outgoing only on the
intranet and outgoing/incoming to the DMZ.

That is true, but the one case that comes to mind is PMTU. I've seen first-hand instances where a corporation blocked all ICMP traffic, and then some of my users couldn't access that company's website. For whatever reason, the remote web server had a smaller than normal MTU size, and the PMTU message was being blocked by their firewall. A very hard problem to troubleshoot, considering the company was a bank that was under constant security audits, and they didn't want to send me their log files to look over. I insisted that they have someone qualified look at them, and sure enough that was the problem. This is kind of an uncommon situation, but it is a situation in which disabling ICMP broke the IP communication.



Since I deal with security, I get to read firewall logs (real boring). We
get a number of ping attacks (DOS attempts) and/or ping scans (up and down
the range from the same IP) per day...script monkeys looking for a way in.

I'm not a security expert, but I do run an IDS, and I see this stuff all the time as well. We also get tons of DOS attempts, and tons of port scans. And really that's just Security through Obscurity, which I'm sure you know all about. I could just as easily map your network using plain old nmap and telling it not to ping, thereby circumventing your ICMP blocking. As for DOS attempts, it's just as easy to issue a DOS attack to any open port. But again, everybody has their own way of doing things!!


If you ever go through a security audit like we do, you'll understand.

I've never gone through a formal audit, but believe you me, if I do, I will fight tooth and nail against blocking every type of ICMP packet. And I would assume that if you're required to have formal security audits, you already have a firewall that's robust enough to pick and choose ICMP types/codes.


-Russ

---
[This E-mail scanned for viruses by Declude Virus]


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
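The two points argued in the thread above (blocking every ICMP type breaks Path MTU Discovery, and a firewall should pick and choose ICMP types/codes) can be shown with a small ICMP parser and two contrasting filter policies. This is an added example written for this page, not code from either poster or from Declude. The packet bytes, the "bottleneck MTU" figures, and the rule table are constructed for illustration; the type/code numbers are the standard ones from RFC 792 and RFC 1191.

```python
"""Added example, not part of the mailing-list thread: a minimal ICMP
filter that contrasts a 'drop all ICMP' policy with a selective policy
keyed on ICMP type/code, plus a small model of the Path MTU Discovery
black hole described in the thread. All packets and numbers are constructed."""
import struct

# ICMP types/codes from RFC 792 / RFC 1191
ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
FRAG_NEEDED = 4  # type 3, code 4: "Fragmentation Needed and DF was Set"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over ICMP header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(itype: int, code: int, rest: int = 0, payload: bytes = b"") -> bytes:
    """Serialise an ICMP message. 'rest' is the 32-bit field after the checksum
    (identifier/sequence for echo, unused + next-hop MTU for type 3/code 4)."""
    header = struct.pack("!BBHI", itype, code, 0, rest)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHI", itype, code, csum, rest) + payload


def parse_icmp(pkt: bytes) -> dict:
    """Parse the 8-byte ICMP header, verify the checksum, and extract the
    next-hop MTU when the message is a Fragmentation Needed report."""
    if len(pkt) < 8:
        raise ValueError("truncated ICMP header")
    if icmp_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    itype, code, _csum, rest = struct.unpack("!BBHI", pkt[:8])
    info = {"type": itype, "code": code}
    if itype == ICMP_DEST_UNREACH and code == FRAG_NEEDED:
        info["next_hop_mtu"] = rest & 0xFFFF  # low 16 bits per RFC 1191
    return info


# --- Two firewall policies. Each returns True to accept, False to drop. ---

def drop_all_icmp(info: dict, inbound: bool) -> bool:
    """The policy the thread argues against: every ICMP message is dropped."""
    return False


# Constructed rule table: (type, code or None for any, accept inbound, accept outbound)
SELECTIVE_RULES = [
    (ICMP_DEST_UNREACH, FRAG_NEEDED, True, True),   # keep PMTUD working
    (ICMP_TIME_EXCEEDED, None, True, True),         # traceroute, TTL loops
    (ICMP_ECHO_REPLY, None, True, True),            # answers to our own pings
    (ICMP_ECHO_REQUEST, None, False, True),         # ping out, but not in
]


def selective(info: dict, inbound: bool) -> bool:
    """Match on type and code; anything not listed is dropped (default deny)."""
    for itype, code, ok_in, ok_out in SELECTIVE_RULES:
        if info["type"] == itype and (code is None or info["code"] == code):
            return ok_in if inbound else ok_out
    return False


# Constructed excerpt of the offending datagram (IP header + first 8 bytes),
# which a real Fragmentation Needed message carries back to the sender.
ORIG_EXCERPT = bytes.fromhex("4500 05dc 1c46 4000 4006 0000 0a00 0001 c0a8 0101") \
             + bytes.fromhex("c350 0050 0000 0001")


def simulate_transfer(client_mtu: int, bottleneck_mtu: int, policy) -> tuple:
    """Model the black hole from the thread: the sender emits a full-size,
    DF-set segment; a hop with a smaller MTU answers with type 3/code 4.
    If the firewall drops that report, the sender never learns the path MTU
    and keeps retransmitting a segment that can never arrive."""
    size = client_mtu
    for _attempt in range(5):
        if size <= bottleneck_mtu:
            return ("delivered", size)
        report = build_icmp(ICMP_DEST_UNREACH, FRAG_NEEDED, bottleneck_mtu, ORIG_EXCERPT)
        info = parse_icmp(report)
        if policy(info, inbound=True):
            size = info["next_hop_mtu"]  # PMTUD: shrink to the advertised MTU
        # dropped report: the sender retries blindly at the same size
    return ("black_hole", size)


if __name__ == "__main__":
    print(simulate_transfer(1500, 1400, drop_all_icmp))  # ('black_hole', 1500)
    print(simulate_transfer(1500, 1400, selective))      # ('delivered', 1400)
```

The `selective` table is the shape of rule set the last message has in mind: inbound echo-request is dropped (which blunts the ping scans mentioned, though not an nmap run with pinging disabled), while type 3/code 4 and type 11 still pass so PMTUD and traceroute keep working. A real firewall would also rate-limit the accepted types and, for echo-reply, tie acceptance to an outbound request it has seen.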