29 Sep
2008
29 Sep
'08
12:24 p.m.
Carl Perry <caperry@edolnx.net> writes:
It's been a few years since the "ping death" scares of 1997, do we really need to stop dropping any ICMP traffic anymore?
I used to routinely drop ICMP from outside (at a different employer) because of the use at the time of ICMP as a covert communications channel by Loki and similar malware. ICMP messages were (are) also very useful for mapping services on a network. This was before "stateful" packet inspection on ICMP was commonplace, and before ICMP traffic could be selectively blocked by type. -- Jim Goltz <jgoltz@mail.nih.gov>