ICMP Packets.

Toddb toddb@pacifier.com
Mon, 1 Jun 1998 09:10:13 -0700


To prohibit anyone from 'pinging' our router from the internet, I have
disabled certain ICMP packets (namely echo reply) from exiting our
external router interface. They are allowed in, but not out - which
effectively disables someone from the outside pinging our router, but
allows internal machines to ping the outside world. I have a couple of
questions that someone may be able to answer.

1) Is there any reason that echo reply would need to be allowed out in
response to an external request? I know this is the case for other ICMP
messages such as packet-too-big, but I am not sure why echo-reply would
ever be needed.

2) Is there a list of ICMP message types that are needed as opposed to
ones that are just used for troubleshooting (like echo, echo-reply)
that can be blocked without problems?

Thanks,

Todd

toddb@pacifier.com
