[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blocking icmp...

On Sun, May 25, 2003 at 02:39:45PM -0400, Kevin McKinley wrote:
> On Sun, 25 May 2003 18:51:44 +0100
> Colin Watson <cjwatson@debian.org> wrote:
> > Obviously it only counts if you're sending or receiving other packets.
> > RFC 1122, a.k.a. STD 3, "Requirements for Internet Hosts --
> > Communication Layers":
> > 
> >          3.2.2.6  Echo Request/Reply: RFC-792
> > 
> >             Every host MUST implement an ICMP Echo server function that
> >             receives Echo Requests and sends corresponding Echo Replies.
> 
> Thank you.
> 
> Actually, that was my bad for not reading a little more closely. I saw
> "icmp" and thought "ping". :(
> 
> Obviously blocking all ICMP is a lot different from just dropping pings.

Indeed; although (I may have misread you) note that blocking pings is a
specific thing that STD 3 above forbids any Internet host to do.

(You should also avoid blocking ICMP error responses, for example.)

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: