Blocking ICMP

eric@fnords.org
Sun, 31 Jan 1999 12:08:45 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael H. Warfield: "Re: proper place to discuss kernel 'bloatedness'?"
Previous message: Lars G. T. Joergensen: "Re: proper place to discuss kernel 'bloatedness'?"
In reply to: C. Jasper Spaans: "Re: A router bug?"
Next in thread: Marc Heckmann: "Re: A router bug?"

On Sun, Jan 31, 1999 at 04:15:02PM +0100, Tor Arntsen wrote:
> In article <fa.hmdk1av.1fl8l0l@ifi.uio.no>,
> hjl@lucon.org (H.J. Lu) writes:
> >https://webbroker.waterhouse.com
>
> Can access it, but can't ping it. They blocked icmp in the firewall,
> they're stupid and should just be ignored (they sure must have some
> competitors you could switch to).

Blocking icmp_echo_request does not automatically mean that they
also block icmp_packet_too_big.

At my former employer we blocked most types of inbound ICMP, but
not icmp_packet_too_big, icmp_echo_reply,
icmp_port/net/host_unreachable, and a bunch of others.

Unfortunately this confuses people that think that you have to
be able to ping a host in order for you to reach the host in
other ways such as tcp to port 80 or udp to port 53, etc.

--Eric

-- Eric Wieling <eric@fnords.org> BTEL Consulting Services

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael H. Warfield: "Re: proper place to discuss kernel 'bloatedness'?"
Previous message: Lars G. T. Joergensen: "Re: proper place to discuss kernel 'bloatedness'?"
In reply to: C. Jasper Spaans: "Re: A router bug?"
Next in thread: Marc Heckmann: "Re: A router bug?"