On Thu, Nov 19, 2009 at 10:11 AM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Hello All From a security point of view,is it advisable to block ICMP packets on your router? if so how do you do it?
IMHO. NO, but the sec guys may differ :) 1. Decide what ICMP types you'll allow to and past your border, and, what you'll respond to. 2. Rate limit. 3. Ensure your upstream provider will co-operate. 4. Rate limit. #1 depends on what services you're running behind that router. If you choose to block, that depends on what router you're running.
on the other hand, ICMP is very critical especially for network troubleshooting. also with the fibre now active, there cud be many hacking attempts. So how do you balance?
IMHO again. Believe you me, ICMP would be the least of your worries on today's 'net. Wait till you're hit by by a TCP SYN flood or some other DOS (at that point, refer to #3). About the hacking bit, blocking ICMP won't help if your little corner of the net has some hole in it. The sec guys on the list will tell you this, I'm sure. Good reference here, and Team cymru goes beyond just ICMP, so go thru their other pages: http://www.cymru.com/Documents/icmp-messages.html BR, S -- Sent from my luminous socksĀ®