On Sun, May 25, 2003 at 01:09:29PM -0400, Kevin McKinley wrote: > On Sun, 25 May 2003 07:31:02 -0700 > Paul Johnson <[EMAIL PROTECTED]> wrote: > > > On Sun, May 25, 2003 at 09:56:07PM +0800, Hanz wrote: > > > In setting up a firewall will there be any negative side effects if > > > i block icmp? > > > > Well, other than it breaking the TCP/IP standard and making some > > servers think you don't exist (some ping back), no. > > How would declining to answer pings "break the TCP/IP standard"? That's like > saying if you don't answer the telephone you're breaking the telephone > standard.
It's anti-social and hamfisted. Some CPAN servers are blocking icmp now and that makes it difficult to tell if they are even up. There are more precise and reasonable means, using netfilter (iptables) to protect against icmp DoS attacks. At the very least one shouldn't do something that one doesn't want others to do. Set a good example and all that. -- See my OpenPGP key at https://savannah.gnu.org/people/viewgpg.php?user_id=6050 GnuPG public key fingerprint | "Only when efforts to reform society have as BD26 A5D8 D781 C96B 9936 | their point of departure the reformation of 310F 0573 A3D9 4E24 4EA6 | the inner life -- human revolution -- will they lead us with certainty to a world of lasting peace and true human security." -- Daisaku Ikeda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
