[ previous ] [ next ] [ threads ]
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Sergei Kostigoff <sergei at kostigoff dot net>, "Michael A. Alderete" <lists dash 2003 at alderete dot com>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] User Docs: Getting Started with m0n0wall
 Date:  Tue, 27 Jan 2004 16:05:11 -0700
At 05:04 AM 1/23/2004, Sergei Kostigoff wrote:
>Could you please mention on how to enable ICMP, and advise why it is not a 
>good practice to do it.

ICMP is a part of the TCP protocol.  If you're going to be a good net 
citizen, you =should= enable it.

Otherwise, how are your LAN clients going to do MTU discovery, or find that 
a host is unreachable, or that there is a routing loop out there, or...

The only ICMP service you could make a good case for blocking is "echo 
request", which could be used to map your network.

Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228


This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.