"Paul Johnson" <[EMAIL PROTECTED]> writes: > On Tue, May 27, 2003 at 10:51:15AM -0600, Gary Hennigan wrote: [snip] > > I've been blocking all incoming, non-stateful, ICMP for a > > number of years on my cable-connected LAN and have never had a > > problem, but I don't run any type of globally accessible server. > > Don't do this! If you were on @Home, you are one of the people who > damaged me for life by doing this. 8:oP
I was on @Home for about a month. Anyway, blocking ICMP is the least
of my worries if I have to talk to support. Next time, for fun, call
your support line and tell them you're running an OpenBSD firewall
that's connected to your cable modem and prepare for, if you're lucky,
a profound silence. In most situations I'd expect to hear "that's not
supported". In general, if I have to talk to support I swap cables in
my wiring closet and hook my Win2k box up directly to my cable modem
and then call support.

> > Personally, I'd rather make my presence on the 'net as hard to
> > discover as possible. If you allow echo requests it's a simple matter
> > for someone to run nmap, for example, to find out that a particular IP
> > address is valid. If you block such messages any cracker will likely
> > just move on to the next poor slob when your IP address doesn't show
> > up on his nmap scan.
>
> Better idea: Keep patched instead of relying on obscurity.

Best idea: Use any and all tools at your disposal for security,
*including* obscurity.

Gary