

DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX

reply to wentlanc

Re: Deal with it.....

said by wentlanc:
Same goes for ICMP to some extent. Most basic users do not use it. So why not have an advanced tier for users who want the functionality. Just shut it down and only open it for users who want it, like they used to do with shell accounts.
ICMP is an integral part of the IP protocol, and disabling ICMP is partially crippling your TCP/IP stack. There is more to ICMP beyond Ping!

Where do you draw the line? Tomorrow someone else is going to switch to exploiting UDP and TCP as well? Block UDP and TCP too? How about taking the money of users and not delivering any service?

quote:
Just deal with it. It will more than likely make life easier if it becomes adopted throughout the internet.
Then we would not have internet. I am all for accountability, but I think penalizing everyone is not the right way to fix it!

wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH

I never said to eliminate ICMP. I should have been more specific and said echo and reply. As far as using them for a speed test, since ICMP is the lowest priority protocol, it makes a lousy indicator of actual responsiveness of a system or device. Perhaps we need a new protocol to serve this purpose. I hardly see any of these measures as penalizing anyone. It is simply closing up some inadequate gaps in some archaic protocols.

And TCP and UDP have already been exploited many times in the past.

puritan



DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX

said by wentlanc:
And TCP and UDP have already been exploited many times in the past.
So, what is the point of eliminating ICMP Ping? Particularly, UDP is a convenient one to substitute for ICMP.

The hackers and virus writers will just switch protocols. As long as there is a way to send a packet, anything can be exploited.

You actually do not get harmed by ICMP Echo Request or ICMP Echo Reply. It is just some background jitter and something that fills the logs of your firewall. If you like, you can adjust your firewall not to reply, but elimination of the packet by the ISP is plain wrong.

There is no good reason to block ICMP ping by the ISP.

wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH

Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.

puritan



DrTCP
Yours truly
Premium,ExMod 1999-04
join:1999-11-09
Round Rock, TX

said by wentlanc:
Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.

puritan

I can write a tool that sweeps a bunch of addresses and solicits negative responses. So, blocking ICMP will not do any good but rather give a false sense of security for some and a lot of inconvenience for a lot of users.

Echo request (ping) is a diagnostic tool. It is useful for everyone and it is the simplest means to diagnose a problem on your line. I strongly disagree with you that it is for the ISP.

I think your view is very short-sighted. You are not solving any problem by blocking ICMP Ping but removing the capability of users to self-diagnose issues with their lines.

Without tools given to the user, the ISP will never admit they have issues on their side.

The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability.
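
An added example, not part of any post in this thread: a per-subscriber token-bucket policer that rate limits only ICMP echo requests and leaves every other ICMP type alone, run over constructed traffic. The 5 packets/second rate, the burst of 10, the function names and the addresses are assumptions made for illustration.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type for ping; every other type is forwarded untouched

class TokenBucket:
    """Allows `rate` packets/second on average, with bursts up to `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the time elapsed since the previous packet, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def police(packets, rate=5.0, burst=10):
    """packets: iterable of (timestamp_s, dst_ip, icmp_type).
    Returns {dst_ip: {"forwarded": n, "dropped": n}}, one bucket per subscriber."""
    buckets = {}
    stats = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    for ts, dst, icmp_type in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            if dst not in buckets:
                buckets[dst] = TokenBucket(rate, burst, ts)
            ok = buckets[dst].allow(ts)
        else:
            ok = True  # e.g. type 3 (unreachable), 11 (time exceeded): not policed
        stats[dst]["forwarded" if ok else "dropped"] += 1
    return dict(stats)

# Constructed traffic (RFC 5737 documentation addresses), not captured data:
diagnostic = [(float(t), "192.0.2.10", ECHO_REQUEST) for t in range(10)]   # 1 ping/s
excessive = [(i / 1000, "192.0.2.20", ECHO_REQUEST) for i in range(1000)]  # 1000 pings/s
errors = [(0.5, "192.0.2.20", 3), (0.7, "192.0.2.20", 11)]                 # not echo

if __name__ == "__main__":
    for dst, counts in police(diagnostic + excessive + errors).items():
        print(dst, counts)
```

The one-per-second diagnostic ping is never dropped, while the 1000-per-second stream is cut down to the initial burst plus the refill rate, and the non-echo ICMP messages pass regardless.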

wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH

said by DrTCP:
The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability.
See what happens when people communicate! I totally agree with this approach. It is better than blocking completely.

My entire point is that for the majority of internet users, they do not need to be pinged from outside of the ISP's network, and security overall needs to be tightened to help prevent spam and many of the other headaches that are wasting the resources on the internet.

puritan

over 12.5 years online © 1999-2012 dslreports.com.