
Woody79_00
I run Linux am I still a PC?
Premium Member
join:2004-07-08
united state

Woody79_00 to Jasu

Re: ports not stealth

Seems wise, Jasu.

I want to add also that ICMP in itself is not a security risk like many claim. In fact, I would wager most but NOT ALL who block ICMP don't really understand or know why they are blocking, other than "Someone said it's good security".

For example, there are 4-5 really useful ICMP that shouldn't be blocked... in fact, blocking them just lowers the efficiency of your network and just makes your routers work harder for little to no benefit.

Internet Control Message Protocol

ICMP Echo Request
ICMP Echo Reply
ICMP Destination Host Unreachable
ICMP Time Exceeded
ICMP Source Quench (Optional nowadays, but still applicable in some cases)

ICMP Destination Host Unreachable is essential for PMTUD (Path MTU Discovery) to work properly and efficiently.

I'm not saying just carte blanche allow ICMP through, but ping and some other parts of ICMP are useful to respond to as they help your network flow better, and don't compromise your security. As long as you use NMAP and your ports are filtered and closed, I think you would be just fine.

I have found I get much less internet noise on my WANs when showing closed ports and the ICMP I listed above... scanners scan me one time and go away instead of just scanning over, and over, and over until they realize I'm stealth and leave. I prefer a 1 scan and move on over 5-6 scans... just my 2 cents!
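Added example, not part of either post: a sketch of the allowlist described in the post above, applied to raw ICMPv4 messages. The function names and sample packets are constructed for illustration; the PMTUD case is matched on Destination Unreachable code 4 (Fragmentation Needed), which is the message RFC 1191 relies on.

```python
import struct

# Allowlist taken from the post above; any other ICMP type is dropped.
ALLOWED_TYPES = {
    0: "echo-reply",
    3: "destination-unreachable",
    4: "source-quench",
    8: "echo-request",
    11: "time-exceeded",
}
FRAG_NEEDED = (3, 4)  # type 3 / code 4: the PMTUD signal (RFC 1191)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Build a constructed ICMPv4 message (no IP header) with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def classify(msg: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for one raw ICMPv4 message."""
    if len(msg) < 8:
        return "drop", "truncated header"
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        return "drop", "bad checksum"
    icmp_type, code = msg[0], msg[1]
    if (icmp_type, code) == FRAG_NEEDED:
        mtu = struct.unpack("!H", msg[6:8])[0]  # next-hop MTU field
        return "accept", f"pmtud next-hop-mtu={mtu}"
    if icmp_type in ALLOWED_TYPES:
        return "accept", ALLOWED_TYPES[icmp_type]
    return "drop", f"type {icmp_type} not in allowlist"

if __name__ == "__main__":
    samples = [build_icmp(8, 0, payload=b"ping"),                # echo request
               build_icmp(3, 4, struct.pack("!HH", 0, 1400)),   # frag needed
               build_icmp(13, 0)]                               # timestamp request
    for s in samples:
        print(s[:2].hex(), classify(s))
```

Malformed messages (short header or bad checksum) are dropped before the type is looked at, so a corrupted packet never reaches the allowlist check.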
85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

1 edit

1 recommendation

Member

ICMP ... on my device does NOT make any difference.
On some level, agreed with your point of view, and SPI takes care of the bad ICMP ...
The ICMP protocol facilitates the use of important administrator utilities such as ping and traceroute, but it can also be manipulated by hackers to get a snapshot of your network. Learn what ICMP traffic to filter and what to allow.