Johnson, Tracy wrote:
> Even if a ping were blocked at the firewall, would not there be a
> refusal response as opposed to nothing?
>
> Or does it go to a black hole?

ICMP is a low-level protocol designed to reflect error conditions. As such, you don't respond to an error condition with an error condition (what if the original sender doesn't accept the error notification and tries to notify the sender, who doesn't accept the notification, etc.).
There are a few notable exceptions: echo solicits a reply, timestamp request solicits a timestamp, etc.
The "unreachable" category of ICMPs (too many specifics to list) is generally reserved as notifications of errors in a higher protocol (TCP, UDP, etc.) and not ICMP itself.
Port-mapping works based partly on ICMPs. If you want to see if a specific port is open, you try to open it. You will either get an acknowledgement (port is open), find it closed (ICMP unreachable message), or "guess" that it is filtered because you receive no response.
If you want to help a hacker port-map your domain, then enable ICMP pings and enable ICMP unreachable messages. If you want to slow them down, disable pings and unreachables, but hope you don't have to troubleshoot in the future :-)
It's a trade-off.
Jeff
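
Seen from the defending side, the unreachables a host sends out are also a record of who has been probing it. The following is an added example, not part of the original message: it flags remote addresses that drew ICMP unreachables for many distinct ports within a short window. The log format, addresses and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the original message): one line per
# ICMP destination-unreachable this host sent, in a hypothetical format
# "<epoch-seconds> <remote-address> <port-that-was-probed>".
SAMPLE_LOG = """\
1000 192.0.2.10 21
1001 192.0.2.10 22
1001 192.0.2.10 23
1002 192.0.2.10 25
1003 192.0.2.10 79
1004 192.0.2.10 110
1005 198.51.100.7 161
1400 198.51.100.7 161
2000 203.0.113.5 53
garbled line
"""

def parse(log_text):
    """Yield (timestamp, remote, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (parts[0].isdigit() and parts[2].isdigit()):
            continue
        yield int(parts[0]), parts[1], int(parts[2])

def find_port_mappers(log_text, window=60, min_ports=5):
    """Return {remote: sorted ports} for remotes that drew unreachables for
    at least min_ports distinct ports within any window-second span."""
    by_remote = defaultdict(list)
    for ts, remote, port in parse(log_text):
        by_remote[remote].append((ts, port))
    flagged = {}
    for remote, events in by_remote.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[remote] = sorted(set(flagged.get(remote, [])) | ports)
    return flagged

if __name__ == "__main__":
    for remote, ports in find_port_mappers(SAMPLE_LOG).items():
        print(f"{remote} probed {len(ports)} closed ports: {ports}")
```

A host that has unreachables disabled, as the message suggests, produces no such records, so the same check would then have to run on dropped-packet logs instead.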