-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, May 27, 2003 at 10:51:15AM -0600, Gary Hennigan wrote: > For a server I'd agree. For a home system I'm not sure there's any > issue.
Yeah, and you've never taken flak from your boss from sending a truck out to go fix equipment that's functioning because everybody using the equipment in question is blocking ICMP, making it impossible to see if anything's making it to the "last mile." Having done tech support for @Home before, I can safely say people blocking ICMP cause support folk more frustration and grief than walking a customer through reinstalling a network adapter in Windows 2000 when the customer doesn't know how to use a mouse. Yes, I've had that happen, more than once. > I've been blocking all incoming, non-stateful, ICMP for a > number of years on my cable-connected LAN and have never had a > problem, but I don't run any type of globally accessible server. Don't do this! If you were on @Home, you are one of the people who damaged me for life by doing this. 8:oP > Personally, I'd rather make my presence on the 'net as hard to > discover as possible. If you allow echo requests it's a simple matter > for someone to run nmap, for example, to find out that a particular IP > address is valid. If you block such messages any cracker will likely > just move on to the next poor slob when your IP address doesn't show > up on his nmap scan. Better idea: Keep patched instead of relying on obscurity. - -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' : proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+1F1RJ5vLSqVpK2kRAvYoAKDMF4Z4YyipdwjDQSvxgrZ/Skyd5gCg2o1U 2gU2Wn6AMp00JZD1RkwJeoI= =GTG+ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
