Jason Dixon wrote:
On Dec 17, 2006, at 6:28 PM, Dag Richards wrote:
Jason Dixon wrote:
Your security staff is clueless. I bet they like to block icmp
echo-request too.
Erm, I don't think I am clueless (often a sign of cluelessness, I
am sure)... However, I block inbound icmp; well, actually, inbound
anything not shown to be required for specific 'services'.
What about this is cluelez? I ask in a tone not of belligerence, but
of a desire to be informed by my betters.
Why would you block icmp echo-request? What does that gain you in
terms of security?
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
I block all inbound traffic to my networks not required for operations.
I have a dns server; I allow inbound udp/tcp 53, and if it's not running
other services, that's all I allow. I run rules on the dns server that
block it from making outbound connections except to 53 on servers off my
network, and ntp to the time servers.
Why would I let icmp in? I have telnet turned off on all the servers,
but I still block port 23, or actually fail to open it.
Tools can be written to use icmp as a transport; obviously anything can
be used as a transport, which is why we only allow traffic inbound to
servers with services running that we want public. Why should I allow
someone to ping my dns server?
If you need to see if the server is up, telnet to port 53. A traceroute
will die at the hop above the firewall; I know which ip that is. I don't
care/need others to do so.
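For readers following along, here is what the policy described above looks like as a pf.conf ruleset. This is an added example, not the poster's actual ruleset or anything from the list; the interface name, the server address and the time-server addresses are placeholders I made up for illustration.

```pf
# Added example pf.conf (not the poster's ruleset): default-deny policy for a
# host whose only public service is DNS, matching the policy in the post.
# Interface and addresses below are placeholders (assumptions).
ext_if   = "em0"
dns_srv  = "192.0.2.53"                          # this host's public address
ntp_srvs = "{ 198.51.100.10, 198.51.100.11 }"    # the time servers it may talk to

set skip on lo

# Default deny in both directions; log blocked inbound so you can review it.
block in log all
block out all

# Inbound: only DNS to this host. Stateful, so replies need no extra rule.
pass in on $ext_if proto { tcp, udp } from any to $dns_srv port 53 keep state

# Outbound from the server: only DNS to other servers and NTP to the time servers.
pass out on $ext_if proto { tcp, udp } from $dns_srv to any port 53 keep state
pass out on $ext_if proto udp from $dns_srv to $ntp_srvs port 123 keep state

# There is deliberately no rule for icmp echo-request: inbound ping (and
# anything else not listed) falls through to "block in log all".
```

Note that with `keep state`, pf matches ICMP error messages (e.g. unreachables) against the state of the connection they refer to, so a ruleset like this drops ping without having to explicitly pass ICMP for the DNS and NTP sessions it does allow. Load it with `pfctl -nf /etc/pf.conf` first to check the syntax before `pfctl -f`.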