Re: blocking icmp...
On Sun, May 25, 2003 at 02:39:45PM -0400, Kevin McKinley wrote:
> On Sun, 25 May 2003 18:51:44 +0100
> Colin Watson <cjwatson@debian.org> wrote:
> > Obviously it only counts if you're sending or receiving other packets.
> > RFC 1122, a.k.a. STD 3, "Requirements for Internet Hosts --
> > Communication Layers":
> >
> > 3.2.2.6 Echo Request/Reply: RFC-792
> >
> > Every host MUST implement an ICMP Echo server function that
> > receives Echo Requests and sends corresponding Echo Replies.
>
> Thank you.
>
> Actually, that was my bad for not reading a little more closely. I saw
> "icmp" and thought "ping". :(
>
> Obviously blocking all ICMP is a lot different from just dropping pings.
Indeed; although (I may have misread you) note that blocking pings is a
specific thing that STD 3 above forbids any Internet host to do.
(You should also avoid blocking ICMP error responses, for example.)
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: