On Wed, 4 Dec 2002, Justin Haase wrote:
>
> So if your iSeries is on the internet (port 23 or any port for that matter)
> then the sniffer could sniff it. Internal network with no direct internet
> access, no. Access to internet, fair game.
>

It doesn't matter if your iSeries is directly connected to the internet, or if it goes through a few routers first... as long as the packets get there, they can be sniffed.

>
> Turning ICMP off is the first step in effective security (no ping
> responses).
>

Turning off ICMP is a really bad idea. ICMP is used for many important functions in TCP/IP. It's the error reporting protocol of the internet, it notifies you when connections to a server can't be made because the server is not listening, or the routes aren't available, or hosts are unavailable, or your packets have exceeded their TTLs. Without it, the TCP/IP protocol cannot work as it was designed to.

If you want to block pings, then use a firewall that's smart enough to block pings without blocking other ICMP functions.

I don't understand why you think ICMP is a security risk. All it can do is a 'Denial Of Service' attack by flooding your network with traffic, so that important tasks take longer. Rather than blocking it, you should simply LIMIT it, so that only X packets can travel through a firewall in a given amount of time. That prevents the DOS without breaking the functionality that ICMP provides.
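The policy described in the reply above (let ICMP error reporting through, limit everything else to X packets per unit of time), modelled as a token bucket. This is an added example, not part of the original post; the class name, the rate and burst values, and the choice to exempt error types from the limit are assumptions, and the packets are constructed.

```python
import struct

# ICMP error-reporting types (RFC 792). Assumption: these bypass the limiter
# so "server not listening", "no route" and "TTL exceeded" keep working.
ERROR_TYPES = {3: "destination-unreachable", 11: "time-exceeded",
               12: "parameter-problem"}
ECHO_REQUEST = 8


class IcmpLimiter:
    """Token bucket: `rate` packets per second on average, bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def decide(self, icmp_bytes, now):
        if len(icmp_bytes) < 4:              # truncated header: nothing to classify
            return "drop"
        icmp_type, _code, _csum = struct.unpack("!BBH", icmp_bytes[:4])
        if icmp_type in ERROR_TYPES:
            return "accept"
        # Echo requests and all remaining types share one bucket.
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "accept"
        return "drop"


def icmp(icmp_type, code=0):
    """Constructed 8-byte ICMP header (checksum left at zero for the model)."""
    return struct.pack("!BBH", icmp_type, code, 0) + b"\x00" * 4


def simulate(events, rate=2, burst=3):
    """events: list of (timestamp_seconds, icmp_bytes); returns the decisions."""
    limiter = IcmpLimiter(rate, burst)
    return [limiter.decide(pkt, t) for t, pkt in events]


if __name__ == "__main__":
    # Constructed traffic: a ping burst, an unreachable error, a later ping.
    flood = [(0.0, icmp(ECHO_REQUEST)), (0.1, icmp(ECHO_REQUEST)),
             (0.2, icmp(ECHO_REQUEST)), (0.3, icmp(ECHO_REQUEST)),
             (0.3, icmp(3, 1)), (1.0, icmp(ECHO_REQUEST))]
    for (t, _), verdict in zip(flood, simulate(flood)):
        print(f"t={t:.1f}s {verdict}")
```
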
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].