> I did NOT suggest blocking ALL ICMP, just echo-request and echo- > replies from internal hosts to untrusted IPs. Trojans have used > echo-request and echo-reply as a method of covert communication. If > you had read the original post you'd see that $icmp_types was defined > to be echoreq. > > I don't this is FUD.
Don't forget to also configure your firewalls to block traffic with the evil bit set. :-) -- Mathieu Sauve-Frankel
