HP3000-L Archives

January 2007, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Jeff Kell <[log in to unmask]>
Reply To: Jeff Kell <[log in to unmask]>
Date: Fri, 26 Jan 2007 15:21:32 -0500

Johnson, Tracy wrote:
> Even if a ping were blocked at the firewall, would not there be a
> refusal response as opposed to nothing? 
> 
> Or does it go to a black hole?

ICMP is a low-level protocol designed to reflect error conditions.  As such, you don't respond to an error condition with an error condition (what if the original sender doesn't accept the error notification and tries to notify the sender, who doesn't accept the notification, etc.).

There are a few notable exceptions: echo solicits a reply, timestamp request solicits a timestamp, etc.

The "unreachable" category of ICMPs (too many specifics to list) is generally reserved as notifications of errors in a higher protocol (TCP, UDP, etc.) and not ICMP itself.

Port-mapping works based partly on ICMPs.  If you want to see if a specific port is open, you try to open it.  You will either get an acknowledgement (port is open), find it closed (ICMP unreachable message), or "guess" that it is filtered because you receive no response.

If you want to help a hacker port-map your domain, then enable ICMP pings and enable ICMP unreachable messages.  If you want to slow them down, disable pings and unreachables, but hope you don't have to troubleshoot in the future :-)  

It's a trade-off.

Jeff

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
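
The rule described in the message above, as an added example that is not part of the original post: a small ICMPv4 classifier and responder in Python that answers echo and timestamp requests, stays silent on error messages such as port unreachable, and drops corrupt input. The function names and the sample messages are constructed for illustration; type and code numbers follow RFC 792.

```python
import struct

# ICMPv4 type numbers (RFC 792). Errors report a problem; queries solicit a reply.
ERRORS = {3: "destination unreachable", 4: "source quench", 5: "redirect",
          11: "time exceeded", 12: "parameter problem"}
QUERIES = {8: "echo request", 13: "timestamp request"}
UNREACH = {0: "net", 1: "host", 2: "protocol", 3: "port",
           13: "administratively prohibited"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, body: bytes) -> bytes:
    """Assemble type, code, checksum and the remaining bytes of the message."""
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def describe(msg: bytes) -> str:
    """Name a message; raises ValueError if it is truncated or corrupt."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated or bad checksum")
    t, code = msg[0], msg[1]
    if t == 3:
        return f"error: {UNREACH.get(code, 'code %d' % code)} unreachable"
    if t in ERRORS:
        return f"error: {ERRORS[t]}"
    return f"query: {QUERIES[t]}" if t in QUERIES else f"other: type {t}"

def respond(msg: bytes, now_ms: int = 0):
    """Return the reply a host would send, or None when it stays silent."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None                      # corrupt input is dropped, not answered
    if msg[0] not in QUERIES:
        return None                      # errors and replies solicit nothing
    if msg[0] == 8:
        return build(0, 0, msg[4:])      # echo reply: same id, sequence, data
    if len(msg) < 20:
        return None                      # timestamp request too short to answer
    return build(14, 0, msg[4:12] + struct.pack("!II", now_ms, now_ms))

# Constructed sample messages (not captured traffic).
PING = build(8, 0, struct.pack("!HH", 0x1234, 1) + b"hp3000")
PORT_UNREACH = build(3, 3, b"\x00" * 4 + b"\x45" + b"\x00" * 27)
```
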
