9 Apr
2004
9 Apr
'04
2:50 p.m.
"Martin, Eric" <MartinE@worc.k12.ma.us> writes:
I personally have my firewall configured to drop pings. If they don't know you're there, you aren't a target. Granted it doesn't keep seasoned hackers off your box, but it's one more piece of security.
I don't buy that argument. Two situations: 1) You have no other internet-visible services: * What's the harm in allowing icmp echo? Who cares, unless there happens to be some vulnerable ICMP code in the kernel. I suppose that's a risk I'd be willing to take. :) 2) You have other internet-visible services: * A port scan will reveal you, regardless of ICMP responses. -- Josh Huber