[olug] VNC w/Qwest

Christopher Cashell topher-olug at zyp.org
Mon Oct 15 23:14:34 UTC 2007


On 10/15/07, Luke -Jr <luke at dashjr.org> wrote:
> ICMP is a network infrastructure protocol. Networking standards assume it is
> always in place. For example, DHCP uses pings to determine if an address is
> in use. IP autoconfiguration generally will not work at all without ICMP.
> Even if you do not need these standards, disabling ICMP is still broken.

DHCP and IP autoconfiguration are local network technologies, and not
intended to be used across disparate networks or the Internet.  I
don't know of that many people who block ICMP on internal networks
(unless it crosses security zones or firewalls).

Like it or not, blocking ICMP at a border firewall is a valid
technique for increasing security, and in this day of NAT and
connection sharing/pooling, it's very often impossible to fully
support Internet responding ICMP for all hosts on a network.

-- 
Christopher


