|
On Wed, 4 Dec 2002, Justin Haase wrote: > > So if your iSeries is on the internet (port 23 or any port for that matter) > then the sniffer could sniff it. Internal network with no direct internet > access, no. Access to internet, fair game. > It doesn't matter if your iSeries is directly connected to the internet, or if it goes through a few routers first... as long as the packets get there, they can be sniffed. > > Turning ICMP off is the first step in effective security (no ping > responses). > Turning off ICMP is a really bad idea. ICMP is used for many important functions in TCP/IP. It's the error reporting protocol of the internet, it notifies you when connections to a server can't be made because the server is not listening, or the routes aren't available, or hosts are unavailable, or your packets have exceeded their TTLs. Without it, the TCP/IP protocol cannot work as it was designed to. If you want to block pings, then use a firewall that's smart enough to block pings without blocking other ICMP functions. I don't understand why you think ICMP is a security risk. All it can do is a 'Denial Of Service' attack by flooding your network with traffic, so that important tasks take longer. Rather than blocking it, you should simply LIMIT it, so that only X packets can travel through a firewall in a given amount of time. That prevents the DOS without breaking the functionality that ICMP provides.
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
