INTERNET GATEWAY PING BLOCK

Hello All
From a security point of view, is it advisable to block ICMP packets on your router? If so, how do you do it? On the other hand, ICMP is very critical, especially for network troubleshooting. Also, with the fibre now active, there could be many hacking attempts. So how do you balance?
Regards
Cynthia

On Thu, Nov 19, 2009 at 10:11 AM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
> Hello All
> From a security point of view, is it advisable to block ICMP packets on your router? If so, how do you do it? On the other hand, ICMP is very critical, especially for network troubleshooting. Also, with the fibre now active, there could be many hacking attempts. So how do you balance?
> Regards
> Cynthia

Hello @Cynthia,

IMO blocking ICMP may cause problems with route entries. If you think that an ICMP DOS is imminent, I'd suggest creating a pool of, say, 8kbps bandwidth and allocating that to the ICMP protocol. They can try as much as they like, they ain't going nowhere.

The creation of the 8kbps pool is to allow real ICMP traffic to work, but as soon as that traffic is pushed (which is not normal), the ICMP pool will start to time out and drop packets. Goodbye to the DoSers: with packet drops, what can they really do but look for alternative ports and not ICMP... :-)

Haiya, tea and mandazi....... :-))))))

Me thoughts.

On Thu, Nov 19, 2009 at 10:11 AM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
> Hello All
> From a security point of view, is it advisable to block ICMP packets on your router? If so, how do you do it?

IMHO. NO, but the sec guys may differ :)

1. Decide what ICMP types you'll allow to and past your border, and what you'll respond to.
2. Rate limit.
3. Ensure your upstream provider will co-operate.
4. Rate limit.

#1 depends on what services you're running behind that router. If you choose to block, that depends on what router you're running.

> On the other hand, ICMP is very critical, especially for network troubleshooting. Also, with the fibre now active, there could be many hacking attempts. So how do you balance?

IMHO again. Believe you me, ICMP would be the least of your worries on today's 'net. Wait till you're hit by a TCP SYN flood or some other DOS (at that point, refer to #3). About the hacking bit, blocking ICMP won't help if your little corner of the net has some hole in it. The sec guys on the list will tell you this, I'm sure.

Good reference here, and Team Cymru goes beyond just ICMP, so go through their other pages: http://www.cymru.com/Documents/icmp-messages.html

BR,
S
--
Sent from my luminous socks®
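Added example, not part of any message in this thread: a small Python model of the two suggestions above, an allowlist of ICMP types plus a shared 8 kbps pool for ICMP, run over constructed traffic. The allowed type set, the 2000-byte bucket depth, the packet sizes and all names in the code are assumptions chosen for illustration, not any router's configuration syntax.

```python
from dataclasses import dataclass

# Assumed allowlist (not from the thread): ICMPv4 types commonly needed for
# ping, traceroute and path MTU discovery. Everything else is dropped.
ALLOWED_TYPES = {0: "echo-reply", 3: "destination-unreachable",
                 8: "echo-request", 11: "time-exceeded"}

@dataclass
class IcmpPolicer:
    """Token bucket shared by all ICMP traffic (hypothetical helper)."""
    rate_bps: int = 8000       # the 8 kbps pool suggested in the thread
    burst_bytes: int = 2000    # assumed bucket depth
    tokens: float = 2000.0     # bucket starts full
    last_ms: int = 0

    def decide(self, now_ms, icmp_type, size):
        """Return 'drop-type', 'drop-rate' or 'pass' for one packet."""
        if icmp_type not in ALLOWED_TYPES:
            return "drop-type"
        # Refill: rate_bps bits/s equals rate_bps / 8000 bytes per millisecond.
        refill = (now_ms - self.last_ms) * self.rate_bps / 8000
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_ms = now_ms
        if size > self.tokens:
            return "drop-rate"   # pool exhausted, packet is dropped
        self.tokens -= size
        return "pass"

def run(packets):
    """Feed (time_ms, icmp_type, size_bytes) tuples through a fresh policer."""
    policer = IcmpPolicer()
    counts = {"pass": 0, "drop-type": 0, "drop-rate": 0}
    for now_ms, icmp_type, size in packets:
        counts[policer.decide(now_ms, icmp_type, size)] += 1
    return counts

# Constructed traffic: one 84-byte ping per second for 10 s, plus a
# destination-unreachable, a time-exceeded and a timestamp request (type 13).
NORMAL = sorted([(s * 1000, 8, 84) for s in range(10)]
                + [(3500, 3, 56), (4500, 11, 56), (5500, 13, 20)])
# Constructed flood: 1000 echo requests per second for 5 s.
FLOOD = [(ms, 8, 84) for ms in range(5000)]

if __name__ == "__main__":
    print("normal:", run(NORMAL))
    print("flood: ", run(FLOOD))
```

In this model the flood empties the shared pool, so legitimate ICMP arriving during the flood is mostly dropped as well, while non-ICMP traffic is untouched.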
participants (3)
- aki
- Cynthia Wahome
- Steve Muchai