What we do is allow ping from only our clients to their web servers only,
througt Internet.
At 10:12 23/05/00 -0400, Robert MacDonald wrote:
>No. If they feel they are having troubles, I would have them conact you -
>AFTER they have verified that their systems and net access are OK. They
>should be able to conclude that it's at your end, just by verifying that
>all of their systems and net access is OK all the way to you.
>
>If your systems are having trouble, then your local management systems
>should notify you, not your business partner. You want to run only what
>you must and no more. Don't allow services or protocols thru, just so your
>business partner can manage your systems as if they were theirs.
>
>Best of luck!
>Robert
>
>- -
>Robert P. MacDonald, Network Engineer
>G o r d o n F o o d S e r v i c e
>Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
> >>> "Ralf G�nthner" <[EMAIL PROTECTED]> 5/23/00 9:29:57 AM >>>
> >
> >We have a certain e-business server in a DMZ. Until now, I dropped any
> ping packets directed at this
> >system's public address from the outside world.
> >
> >Now customer service wants me to allow echo request packets to reach the
> public address, so customers
> >who have access problems can verify the reachability of our server.
> >
> >Should I allow this or not? I'm afraid of opening up routes for exploits
> not to mention tools like nmap asf.
> >
> >Any opinions very much welcome
> >
> >Ralf G.
>
>
>
>
>===========================================================================
>=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
>=====
--
Yomler.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
