 DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | reply to wentlanc
Re: Deal with it..... said by wentlanc:
And TCP and UDP have already been exploited many times in the past.
So, what is the point of eliminating ICMP Ping? Particularly, UDP is a convenient one to substitute for ICMP.
The hackers, virus writes will just switch protocols. As long as there is a way to send packet anything can be exploited.
You actually do not get harmed by ICMP Echo Request or ICMP Echo Reply. It is just some background jitter and something that fills the logs of your firewall. If you like you can adjust your firewall not reply but elimination of the packet by ISP is plain wrong.
There is no good reason to block ICMP ping by the ISP. |
|
wentlancYou Can't Fix Dumb..
join:2003-07-30
Maineville, OH | Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.
puritan |
|
DrTCPYours trulyPremium,ExMod 1999-04
join:1999-11-09
Round Rock, TX | said by wentlanc:
Obscurity. Ping is the simplest method of sweeping for responsive addresses, and then probing for further information. Granted echo request and reply have their place. But echo request to the users of an ISP is not particularly useful to anyone.
puritan
I can write a tool that sweeps a bunch of addresses and solicit negative responses. So, blocking ICMP will not do any good but rather a false sense of security for some and a lot of inconvenience for a lot of users.
Echo request (ping) is a diagnostic tool. It is useful for everyone and it is the simplest means to diagnose a problem on your line. I strongly disagree with you that it is for the ISP.
I think your view is very short sided. You are not solving any problem by blocking ICMP Ping but removing the capability of users self diagnose issues with their lines.
Without tools given to the user ISP will never admit they have issues on their side.
The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability. |
|
wentlancYou Can't Fix Dumb..
join:2003-07-30
Maineville, OH | said by DrTCP:
The correct solution for the ISP is to rate limit ICMP bandwidth. That way excessive pings would be blocked while users maintain the simple diagnostics capability.
See what happens when people communicate! I totally agree with this approach. It is better than blocking completely.
My entire point is that for the majority of internet users, they do not need to be pinged from outside of the ISP's network, and security overall needs to be tightened to help prevent spam and many of the other headaches that are wasting the resources on the internet.
puritan |
|
