Re: Packet filtering help

[Jim Breton <jamesb-debian@alongtheway.com>]

On Mon, Apr 09, 2001 at 03:20:00PM -0400, Noah L. Meyerhans wrote:
> Ask yourself this: *Why* should ICMP be filtered?  What are you gaining?
> Do you sleep better at night knowing that your machine won't respond to
> pings?  It really doesn't make you any safer.

What are you gaining by responding to them?

A decent policy is to drop everything you don't need to respond to.

Now, if you need to reply to pings, etc. for debugging purposes, or for
availability monitoring, etc. then that is a valid reason.


> I don't feel like you gain any security by DENYing connections or by
> filtering ICMP.

You do gain some "security through obscurity."  Depending on how much
you value this contributes to your subsequent choice.

For instance, many script kiddies will not scan your entire box if you
are undetected by a ping sweep.  Granted, if you have other
vulnerabilities that you are hiding then you have bigger problems.  But
it can buy you some time at least.

I'm sure this is a perfectly flammable post, so discussion is
encouraged. ;)