jimROSSBERRY.COM

• Next message: Bluefish (P.Magnusson): "Re: stackguard-like embedded protection"
• Previous message: Lincoln Yeoh: "Re: Cisco 2621"
• In reply to: James Robbins: "Re: ICMP and BlackICE (fwd)"
• Next in thread: James Robbins: "Re: ICMP and BlackICE (fwd)"
• Reply: Jim Wildman: "Re: ICMP and BlackICE (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've found that out as well. For instance, aggressive icmp blocking
breaks www.four11.com.

But which ones?

--------------------------------------------------------------------------
Jim Wildman Managing Consultant, marchFIRST
jimrossberry.com jim.wildmanmarchfirst.com
www.rossberry.com www.marchfirst.com
(513)766-2002 x4209 (972)560-7356

On Thu, 7 Sep 2000, James Robbins wrote:

> jed,
> We just got bit by this a little while ago. You cannot block all
> ICMP traffic. Ping is only one type of service sent over ICMP.
> A list of the services supported by ICMP are:
>
> Echo Reply (Ping)
> Destination Unreachable
> Source Quench
> Redirect (change a route)
> Echo Request (Ping)
> Time Exceeded for a Datagram
> Parameter Problem on a Datagram
> Timestamp Request
> Timestamp Reply
> Information Request
> Information Reply
> Address Mask Request
> Address Mask Reply
>
> Some of these you can block with no ill effect. Others will
> break a lot of stuff.
>
> --
> James A. Robbins
> Senior Design Engineer, Network Engineer
> The Ohio State University
> Chemistry Department
>

• Next message: Bluefish (P.Magnusson): "Re: stackguard-like embedded protection"
• Previous message: Lincoln Yeoh: "Re: Cisco 2621"
• In reply to: James Robbins: "Re: ICMP and BlackICE (fwd)"
• Next in thread: James Robbins: "Re: ICMP and BlackICE (fwd)"
• Reply: Jim Wildman: "Re: ICMP and BlackICE (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]